[PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data

Jarkko Sakkinen jarkko at kernel.org
Sat Jan 8 21:58:39 UTC 2022


On Wed, Dec 29, 2021 at 04:53:30PM -0500, Yael Tiomkin wrote:
> The encrypted.c class supports instantiation of encrypted keys with
> either already-encrypted key material, or by generating new key
> material based on random numbers. This patch defines a new datablob
> format: [<format>] <master-key name> <decrypted data length>
> <decrypted data> that allows instantiating encrypted keys using
> user-provided decrypted data, and therefore allows performing key
> encryption from userspace. The decrypted key material will be
> inaccessible from userspace.
> 
> Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
> Signed-off-by: Yael Tiomkin <yaelt at google.com>

What is the use case for this?

BR, Jarkko


