From: Yael Tiomkin <yaelt@google.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Martin Ross <mross@pobox.com>,
corbet@lwn.net, dhowells@redhat.com, jejb@linux.ibm.com,
jmorris@namei.org, keyrings@vger.kernel.org,
linux-doc@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module <linux-security-module@vger.kernel.org>,
serge@hallyn.com, Mimi Zohar <zohar@linux.ibm.com>
Subject: Re: [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data
Date: Wed, 26 Jan 2022 15:56:44 -0500 [thread overview]
Message-ID: <CAKoutNsaHNriobnsQ1X0Qfs=K+YN3JvfhTBnQqPL01AvjRm5EA@mail.gmail.com> (raw)
In-Reply-To: <YfFf8fvsDm8lQJgJ@iki.fi>
On Wed, Jan 26, 2022 at 9:51 AM Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Wed, Jan 26, 2022 at 04:47:22PM +0200, Jarkko Sakkinen wrote:
> > On Tue, Jan 18, 2022 at 01:26:05PM -0500, Martin Ross wrote:
> > > Hi Jarkko,
> > >
> > > I have been working with Yael on this project so I thought I might add
> > > a bit of background here around the use case that this series of
> > > patches is trying to address.
> > >
> > > At a high level we are trying to provide users of encryption that have
> > > key management hierarchies a better tradeoff between security and
> > > availability. For available and performance reasons master keys often
> > > need to be released (or derived/wrapped keys created) outside of a KMS
> > > to clients (which may in turn further wrap those keys in a series of
> > > levels). What we are trying to do is provide a mechanism where the
> > > wrapping/unwrapping of these keys is not dependent on a remote call at
> > > runtime. e.g. To unwrap a key if you are using AWS KMS or Google
> > > Service you need to make an RPC. In practice to defend against
> > > availability or performance issues, designers end up building their
> > > own kms and effectively encrypting everything with a DEK. The DEK
> > > encrypts same set as the master key thereby eliminating the security
> > > benefit of keeping the master key segregated in the first place.
>
> Mainly this part (would be enough to explain why it is there).
>
> BR, Jarkko
Hi Jarkko,
As for the commit message, WDYT about the following:
KEYS: encrypted: Instantiate key with user-provided decrypted data
For availability and performance reasons master keys often need to be
released outside of a KMS to clients. It would be beneficial to provide a
mechanism where the wrapping/unwrapping of DEKs is not dependent
on a remote call at runtime yet security is not (or only minimally) compromised.
Master keys could be securely stored in the Kernel and be used to wrap/unwrap
keys from userspace.
The encrypted.c class supports instantiation of encrypted keys with
either an already-encrypted key material, or by generating new key
material based on random numbers. This patch defines a new datablob
format: [<format>] <master-key name> <decrypted data length>
<decrypted data> that allows to inject and encrypt user-provided
decrypted data.
I want to make sure we're on the same page before publishing a new version.
Thanks,
Yael
next prev parent reply other threads:[~2022-01-26 20:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-18 18:26 [PATCH v4] KEYS: encrypted: Instantiate key with user-provided decrypted data Martin Ross
2022-01-26 14:47 ` Jarkko Sakkinen
2022-01-26 14:51 ` Jarkko Sakkinen
2022-01-26 20:56 ` Yael Tiomkin [this message]
2022-02-04 6:27 ` Jarkko Sakkinen
-- strict thread matches above, loose matches on Subject: below --
2021-12-29 21:53 Yael Tiomkin
2021-12-30 10:07 ` Sumit Garg
2021-12-30 13:29 ` Mimi Zohar
2022-01-03 6:51 ` Sumit Garg
2022-01-05 20:18 ` Yael Tiomkin
2022-01-07 5:14 ` Sumit Garg
2022-01-07 12:53 ` Yael Tiomkin
2022-01-07 13:32 ` Sumit Garg
2022-01-13 19:14 ` Yael Tiomkin
2022-01-18 6:46 ` Sumit Garg
2022-01-05 20:12 ` Jarkko Sakkinen
2022-01-06 18:30 ` Yael Tiomkin
2022-01-08 21:58 ` Jarkko Sakkinen
2022-01-10 16:04 ` Nayna
2022-01-13 19:01 ` Yael Tiomkin
2022-01-20 17:13 ` Nayna
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAKoutNsaHNriobnsQ1X0Qfs=K+YN3JvfhTBnQqPL01AvjRm5EA@mail.gmail.com' \
--to=yaelt@google.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mross@pobox.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.