Track Linux key retention service
Open, MediumPublic
Actions

Edit Task
Edit Related Tasks...
Create Subtask
Edit Parent Tasks
Edit Subtasks
Merge Duplicates In
Close As Duplicate
Edit Related Objects...
Edit Commits
Edit Mocks
Mute Notifications
Protect as security issue
Award Token
Flag For Later

Assigned To

None

Authored By

	Vgutierrez
	Feb 4 2024, 2:42 PM

Description

The linux kernel (6.1 aka bookworm) provides a key retention service / keyring that allows safely storing and using keys.

We should track the evolution of the service as it could be pretty interesting for some use cases: acme-chief + cp servers. Sadly right now it doesn't support ECDSA so usage on cp servers is out of the question (yet).

links:

https://blog.cloudflare.com/the-linux-kernel-key-retention-service-and-why-you-should-use-it-in-your-next-application
https://docs.kernel.org/security/keys/core.html
ECDSA support (not merged): https://patchwork.kernel.org/project/keyrings/cover/20221014100737.94742-1-ignat@cloudflare.com/

Event Timeline

Vgutierrez created this task.Feb 4 2024, 2:42 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 4 2024, 2:42 PM

Vgutierrez triaged this task as Medium priority.Feb 4 2024, 2:43 PM

Fabfur subscribed.Feb 6 2024, 3:16 PM

BCornwall subscribed.Feb 6 2024, 4:11 PM

Track Linux key retention serviceOpen, MediumPublicActions

Description

Event Timeline

Track Linux key retention service
Open, MediumPublic
Actions