ecryptfs-devel team mailing list archive
-
ecryptfs-devel team
-
Mailing list archive
-
Message #00005
Re: [PATCH] ecryptfs-utils: key escrow
On Wed, Oct 29, 2008 at 11:57 AM, Michael Halcrow <mhalcrow@xxxxxxxxxx> wrote:
> This patch makes the minimal changes necessary to enable passphrase
> key escrow and key recovery via a SOAP client/server mechanism. This
> is currently at the proof-of-concept level of implementation; there is
> ample opportunity to add features. You need Python and SWIG installed
> to build the libecryptfs SWIG component. Run key-escrow-server, and
> then run escrow-passphrase.py [passphrase] to escrow the key and
> retrieve-passphrase.py [sig] to fetch the key from the server and put
> it in your keyring, all via localhost. There are all kinds of
> opportunities to make this useful and secure, such as stunnel for
> client-server communications, some kind of authentication mechanism,
> and the ability to specify the remote server and storage
> location. This patch just gives a convenient base from which to flesh
> out a real key escrow capability.
Also, Mike, do you have any documents, discussing the overarching design?
:-Dustin
Follow ups