Some encryption-related projects

W. Michael Petullo mike at flyn.org
Sun Nov 14 19:16:51 UTC 2004


I have several encryption-related projects that I like to advertise
on this list every once in a while in hopes of attracting interested
developers or testers.  Since we are just beginning work on Fedora Core
4, now seemed like a good time to mention them.

1.  Encrypted swap.

This is a prerequisite for many different disk encryption techniques.
See [1] for a good example of why this is necessary (potential shortcoming
of Apple's FileVault).  See Red Hat bug #127378 for some discussion about
this, including a proposed patch for initscripts.  The patch has not been
scrutinized very much yet, so is only meant to encourage discussion at
this point.

2.  Encrypted root filesystem.

Red Hat Bug #182479 discusses adding support for an encrypted root
filesystem to Fedora.  The bug contains a patch for mkinitrd that
facilitates this.  Eventually it would be nice to see support in anaconda
for this, but #182479 is the first step.

3.  Pam-keyring.

The pam-keyring PAM module unlocks a GNOME keyring for a user using that
user's login password.  The idea behind pam-keyring is to make using
GNOME keyrings as transparent as possible.  Pam-keyring is available
at http://flyn.org/projects/pam_keyring/index.html.

4.  Command line gnome-keyring tool.

GNOME bug #155681 proposes an addition to gnome-keyring.  The
gnome-keyringtool utility is a program that manipulates keyrings from
the command line.  I originally wrote gnome-keyringtool so that it could
be assigned SELinux privileges and used by pam-keyring.  This avoids
assigning additional privileges to various login programs.

5.  Automounting encrypted removable filesystems.

I would like to see encrypted removable filesystems handled as
transparently as other removable media.  Red Hat bug #133461
discusses this a bit.  I have done some experimentation with
this and have a prototype working.  However, my work contains
a large kludge to get HAL to acknowledge dm-crypt filesystems
properly.  Documentation of this shortcoming may be found at
http://freedesktop.org/pipermail/hal/2004-September/001051.html and
http://marc.theaimsgroup.com/?l=linux-kernel&m=109937418210973&w=2.

[1] Archive of bugtraq mailing list message:
http://securityfocus.com/archive/1/367116/2004-06-24/2004-06-30/0
Date: 06/25/2004
Subject: Mac OS X stores login/Keychain/FileVault passwords on disk
Author: Matt Johnston

-- 
Mike

:wq



