← Back to team overview

ecryptfs-devel team mailing list archive

Re: [PATCH] ecryptfs-utils: key escrow

 

On Wed, Oct 29, 2008 at 11:57 AM, Michael Halcrow <mhalcrow@xxxxxxxxxx> wrote:
> This patch makes the minimal changes necessary to enable passphrase
> key escrow and key recovery via a SOAP client/server mechanism. This
> is currently at the proof-of-concept level of implementation; there is
> ample opportunity to add features. You need Python and SWIG installed
> to build the libecryptfs SWIG component. Run key-escrow-server, and
> then run escrow-passphrase.py [passphrase] to escrow the key and
> retrieve-passphrase.py [sig] to fetch the key from the server and put
> it in your keyring, all via localhost. There are all kinds of
> opportunities to make this useful and secure, such as stunnel for
> client-server communications, some kind of authentication mechanism,
> and the ability to specify the remote server and storage
> location. This patch just gives a convenient base from which to flesh
> out a real key escrow capability.


Also, Mike, do you have any documents, discussing the overarching design?

:-Dustin



Follow ups