From: James Prestwood <prestwoj at gmail.com>
To: iwd at lists.01.org
Subject: [RFC 0/2] Encrypt secrets using systemd provided key
Date: Thu, 20 Jan 2022 16:41:28 -0800 [thread overview]
Message-ID: <20220121004130.2473281-1-prestwoj@gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 2582 bytes --]
There has been interest in enabling IWD users to store their network
credentials in some encrypted form. Recently systemd added support for
passing secrets/credentials to services only accessible by the service
they are intended. This provides a clean way of obtaining a secret key
which IWD can use to encrypt anything it writes to the FS. In addition
there is no hard dependency on systemd since the credential is provided
as a file (i.e. no Dbus API or linked library etc).
At the moment setting up the IWD service to use this feature will be
left up to the user. But setting this up is very straight forward. I
used docs for systemd-creds (Example 2):
https://www.freedesktop.org/software/systemd/man/systemd-creds.html
The only difference is the --name argument should be iwd-secret.
Note: systemd version 250 is required.
The reason this is being sent as an RFC is because of some open questions
I had and wanted feedback on:
1. What options specifically do we want encrypted? These patches only
address Passphrase and PreSharedKey but really any option could be
encrypted. Obviously we would also want 802.1x secrets, but are there
other non-obvious options with privacy concerns?
2. What is the stance on existing provisioning files? Currently these
changes overwrite any existing files with the new *Encrypted options
automatically. Is this desirable? or should user have to opt-in their
existing provisioning files.
3. Is the secret provided via a file enough? (the secret is still stored
as plaintext *somewhere*, though systemd limits permissions). Systemd
supports an IPC mechanism to obtain the secret. Is this more secure?
4. Should full provisioning file encryption be optional/supported? I felt
it was best to only encrypt sensitive options like PSK/Passphrase which
would allow editing of the provisioning file without extra steps of
decrypting, editing, and encrypting. I think this is above the capability
or desire of most users.
If, though, a provisioning file is never expected to change or issued by
a network administrator that does not want it edited I could see full
file encryption being ok.
James Prestwood (2):
main: add SystemdEncrypt option, and initialize key
network: add support for encrypted Passphrase/PSK
src/iwd.h | 1 +
src/main.c | 64 ++++++++++++++++++
src/network.c | 183 ++++++++++++++++++++++++++++++++++++++++++++++++--
3 files changed, 242 insertions(+), 6 deletions(-)
--
2.31.1
next reply other threads:[~2022-01-21 0:41 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-21 0:41 James Prestwood [this message]
2022-01-21 15:20 [RFC 0/2] Encrypt secrets using systemd provided key Marcel Holtmann
2022-01-21 20:19 James Prestwood
2022-01-21 20:35 Marcel Holtmann
2022-01-21 20:49 James Prestwood
2022-01-21 20:54 Marcel Holtmann
2022-01-21 22:22 Diederik de Haas
2022-01-21 22:30 James Prestwood
2022-01-21 22:36 Marcel Holtmann
2022-01-21 22:42 Diederik de Haas
2022-01-21 23:46 Diederik de Haas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220121004130.2473281-1-prestwoj@gmail.com \
--to=unknown@example.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.