ecryptfs-users team mailing list archive
-
ecryptfs-users team
-
Mailing list archive
-
Message #00038
Re: Wrapping mount key file by using two or more keys?
On Fri, Feb 26, 2010 at 12:38:32PM +0800, Dustin Kirkland wrote:
> > Exactly. Does such an infrastructure exist? Or maybe I can start to
> > write one.
>
> No, none exists yet. Let's discuss it a bit more, make sure we agree
> on a design. I'd also like to get Tyler's opinion on it.
Yeah, sure.
> The functions that deal with the wrapped-passphrase file are
> relatively few. We could support a glob-type interface reasonably
> easily. I'm just not sure of the security of doing so. I guess we'd
> need to know a little more about the use case, if possible.
I'm exploring alternative ways for authenticating a user.
For example:
1. two people share a single encrypted directory but don't want to
share their passwords with each other
2. the user may want to use either a smart card or a password to
login
> > BTW, does this has anything to do with PKCS#11 support?
>
> Hmm, not that I know of. It's more of a token interface. Like a
> fingerprint reader that produces an authentication token.
--
Best regards,
Li, Yan
Moblin Team, Opensource Technology Center, SSG, Intel
Office tel.: +86-10-82171695 (inet: 8-758-1695)
OpenPGP key: 5C6C31EF
IRC: yanli on network irc.freenode.net
Follow ups
References