[PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data

Jarkko Sakkinen jarkko at kernel.org
Wed Jan 5 20:12:27 UTC 2022


On Wed, 2021-12-29 at 16:53 -0500, Yael Tiomkin wrote:
> The encrypted.c class supports instantiation of encrypted keys with
> either an already-encrypted key material, or by generating new key
> material based on random numbers. This patch defines a new datablob
> format: [<format>] <master-key name> <decrypted data length>
> <decrypted data> that allows to instantiate encrypted keys using
> user-provided decrypted data, and therefore allows to perform key
> encryption from userspace. The decrypted key material will be
> inaccessible from userspace.

The 2nd to last sentence is essentially a tautology but fails to
be even that, as you can already "perform key encryption" from user
space, just not with arbitrary key material.

It does not enlighten any applications of this feature.

/Jarkko
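As an added illustration, not part of the patch or of this thread, here is a userspace-style parser for the datablob format quoted above, written in Python rather than kernel C. It assumes the decrypted data is hex text whose byte count must equal the declared length, that the optional format token comes from the existing set, that the master key is a trusted: or user: key, and that the length bounds are illustrative constants.

```python
import re
from dataclasses import dataclass

# Assumption: the optional <format> token uses the same names the existing
# encrypted-key blobs accept.
KNOWN_FORMATS = {"default", "ecryptfs", "enc32"}
# Encrypted keys are sealed by a trusted or user key.
MASTER_KEY_PREFIXES = ("trusted:", "user:")
# Illustrative byte bounds for the decrypted key material (assumption).
MIN_KEY_LEN, MAX_KEY_LEN = 32, 128


@dataclass
class DecryptedBlob:
    fmt: str
    master_key: str
    key: bytes  # raw decrypted key material, never echoed back to the caller


def parse_decrypted_datablob(blob: str) -> DecryptedBlob:
    """Parse '[<format>] <master-key name> <decrypted data length> <decrypted data>'.

    Every field is caller-controlled, so each one is validated before use:
    the format must be known, the master key must be a trusted:/user: key,
    and the hex data must decode to exactly the declared number of bytes.
    """
    fields = blob.split()
    if len(fields) == 4:
        fmt, master_key, length_str, data_hex = fields
    elif len(fields) == 3:
        fmt = "default"
        master_key, length_str, data_hex = fields
    else:
        raise ValueError("expected 3 or 4 whitespace-separated fields")
    if fmt not in KNOWN_FORMATS:
        raise ValueError(f"unknown format {fmt!r}")
    if not master_key.startswith(MASTER_KEY_PREFIXES):
        raise ValueError("master key must be a trusted: or user: key")
    if not length_str.isdigit():
        raise ValueError("length must be a decimal integer")
    length = int(length_str)
    if not MIN_KEY_LEN <= length <= MAX_KEY_LEN:
        raise ValueError(f"length {length} outside [{MIN_KEY_LEN}, {MAX_KEY_LEN}]")
    # Reject non-hex data and any mismatch between declared and actual size,
    # so a short or oversized payload can never be silently accepted.
    if not re.fullmatch(r"[0-9a-fA-F]+", data_hex) or len(data_hex) != 2 * length:
        raise ValueError("decrypted data must be hex matching the declared length")
    return DecryptedBlob(fmt, master_key, bytes.fromhex(data_hex))
```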
