On Fri, 2018-08-03 at 15:55 +0100, David Howells wrote: > Mimi Zohar <zo...@linux.ibm.com> wrote: > > > "trusted" keys are currently being used to decrypt other keys (eg. > > encrypted, ecryptfs, ...). > > Can it decrypt both symmetric and asymmetric keys?
Yes, the "trusted" key is returned to the caller and is used to decrypt a datablob. For an example, refer to encrypted_key_decrypt(). The call to request_master_key() returns either the "trusted" or "user" type key, which is used to decrypt the "enccrypted" key type. Mimi
