Hi!

On 06/02/2011 06:15 AM, Xun Sun wrote:
- Is the MSSF framework now fully functional? It looks like the secure storage feature depends on libsmackman, which is not available from the zypper repository. And how do I know if I have the kernel feature required for the framework to work?
As Elena said, all mssf packages are in a dormant state right now, due to reasons well known. Still, if you check out the changelog of some other packages under meego-platform-security you will notice that not all things are at a standstill.
I'm planning to upgrade the mssf-crypto package sometime in the summer, but since that's work nobody is paying for at the moment, it will have to wait until I have some leisure time for it.
- Do we have a password-based encryption scheme in mssf-crypto now or in the future?
It would be a useful addition. Passwordless, credentials-bound cryptography is kind of the big idea in mssf-crypto, but in case there are no TEE services to take care of the root secrets, they must be protected by a user-supplied password.
I have been thinking of adding this feature in the emulator version of libtee, so that when the first application wants to use crypto services a password would be asked to decrypt the master secret and then applications would be allowed to use their distinct keys derived from it as before. After a timeout or on a user action the framework would again close. Kind of an "open safe/close safe" type of functionality.
It would be interesting to hear more of your needs. When you take care of key management yourself, both OpenSSL and NSS have an abundance of functions you can use for encryption, though, and also feel free to harvest aegis-crypto sources for an XTS/AES implementation.
JuM

_______________________________________________
MeeGo-security-discussion mailing list
http://lists.meego.com/listinfo/meego-security-discussion
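
The "open safe/close safe" idea from the message above, as an added sketch that is not code from the post, from libtee or from mssf-crypto. The names `seal_master`, `Safe` and `app_key`, the `app-key:` label, the 16-byte salt and the iteration count are assumptions, and the XOR mask over PBKDF2 output stands in for a real authenticated cipher (such as AES-GCM from OpenSSL) only to stay within the standard library.

```python
import hashlib, hmac, os, time

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _kdf(password: str, salt: bytes):
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]  # (wrapping mask, MAC key)

def seal_master(password: str, master: bytes, salt: bytes = None) -> bytes:
    """Wrap a 32-byte master secret under a password: salt || ct || tag."""
    if len(master) != 32:
        raise ValueError("master secret must be 32 bytes")
    salt = salt or os.urandom(16)  # fresh salt per wrap, so the mask is never reused
    mask, mac_key = _kdf(password, salt)
    ct = bytes(a ^ b for a, b in zip(master, mask))  # stand-in for an AEAD cipher
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

class Safe:
    """Open with a password, hand out per-application keys, close on timeout."""
    def __init__(self, blob: bytes, timeout: float, clock=time.monotonic):
        self._blob, self._timeout, self._clock = blob, timeout, clock
        self._master, self._deadline = None, 0.0

    def open(self, password: str) -> bool:
        salt, ct, tag = self._blob[:16], self._blob[16:48], self._blob[48:]
        mask, mac_key = _kdf(password, salt)
        expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # wrong password or tampered blob: stay closed
        self._master = bytes(a ^ b for a, b in zip(ct, mask))
        self._deadline = self._clock() + self._timeout
        return True

    def close(self) -> None:
        self._master = None  # Python cannot guarantee the bytes are wiped from memory

    def app_key(self, app_id: str) -> bytes:
        if self._master is None or self._clock() >= self._deadline:
            self.close()  # timeout closes the safe until the password is given again
            raise PermissionError("safe is closed")
        # Distinct key per application, derived from the master secret
        return hmac.new(self._master, b"app-key:" + app_id.encode(),
                        hashlib.sha256).digest()
```

The `clock` parameter exists so the timeout can be exercised without waiting; a real service would also close on an explicit user action by calling `close()`.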
