[distorted-keys] / debian / control

Source: distorted-keys
Section: utils
Priority: optional
Maintainer: Mark Wooding <mdw@distorted.org.uk>
Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
Standards-Version: 3.1.1

Package: distorted-keys-base
Architecture: all
Depends: openssl (>= 0.9.8o)
Recommends: gnupg, claim-dir
Suggests: seccure
Description: Underlying machinery for distorted.org.uk key-management system.
 This package contains the libraries and key-type definitions for the
 distorted.org.uk key-management system.  It also contains a script suitable
 for doing public-key operations without any of the `userv' machinery
 required by the full system.  It might therefore be useful to install this
 package on satellite systems, even if they don't have the full system.

Package: distorted-keys
Architecture: all
Depends: distorted-keys-base, python (>= 2.5), userv, adduser, qrencode
Suggests: texlive-latex-recommended
Description: Basic key-management system with secure recovery features.
 The primary purpose of the distorted.org.uk key management system is
 to provide a secure way of recovering important cryptographic keys,
 e.g., keys for decrypting backup volumes, in the event of a disaster.
 .
 Because it was technically fairly easy, given this infrastructure, the
 system also allows users to generate and use their own keys, without
 revealing the actual key data, on the theory that, what a user program
 doesn't know, it can't leak.
 .
 This system doesn't actually do very much cryptography itself.  Instead,
 it uses other existing implementations, such as GnuPG, OpenSSL, and
 Seccure.

Package: claim-dir
Architecture: all
Depends: userv
Recommends: cryptsetup, dmsetup
Description: Allow users to claim directories on file systems
 Machines sometimes have storage devices with useful special properties --
 such as high performance, or secure erasure on power failure.  Rather than
 set the root of such a filesystem world-writable and sticky, thereby making
 another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
 claim directories on such filesystems via `userv'.  A newly claimed
 directory is named after the calling user, and created readable and writable
 only by the calling user -- so he or she can relax the permissions later if
 necessary.
 .
 A script `mount-ephemeral' is included which allows the construction of an
 ephemeral filesystem -- one which is backed by normal storage (typically in
 `/tmp'), but encrypted using a temporary key which will be lost at reboot.
 This script can be used to build a safe place for the storage of
 temporary secrets.
Commit	Line	Data
f012ad83 MW	1	Source: distorted-keys
	2	Section: utils
	3	Priority: optional
	4	Maintainer: Mark Wooding <mdw@distorted.org.uk>
	5	Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
	6	Standards-Version: 3.1.1
	7
315ad13e	8	Package: distorted-keys-base
f012ad83	9	Architecture: all
315ad13e	10	Depends: openssl (>= 0.9.8o)
125f634c	11	Recommends: gnupg, claim-dir
315ad13e MW	12	Suggests: seccure
	13	Description: Underlying machinery for distorted.org.uk key-management system.
	14	This package contains the libraries and key-type definitions for the
	15	distorted.org.uk key-management system. It also contains a script suitable
	16	for doing public-key operations without any of the `userv' machinery
	17	required by the full system. It might therefore be useful to install this
	18	package on satellite systems, even if they don't have the full system.
	19
	20	Package: distorted-keys
	21	Architecture: all
ac1aec3a MW	22	Depends: distorted-keys-base, python (>= 2.5), userv, adduser, qrencode
ac1aec3a MW	23	Suggests: texlive-latex-recommended
f012ad83 MW	24	Description: Basic key-management system with secure recovery features.
	25	The primary purpose of the distorted.org.uk key management system is
	26	to provide a secure way of recovering important cryptographic keys,
	27	e.g., keys for decrypting backup volumes, in the event of a disaster.
4120b1dd	28	.
f012ad83 MW	29	Because it was technically fairly easy, given this infrastructure, the
	30	system also allows users to generate and use their own keys, without
	31	revealing the actual key data, on the theory that, what a user program
	32	doesn't know, it can't leak.
	33	.
	34	This system doesn't actually do very much cryptography itself. Instead,
	35	it uses other existing implementations, such as GnuPG, OpenSSL, and
	36	Seccure.
33aa94e8 MW	37
	38	Package: claim-dir
	39	Architecture: all
	40	Depends: userv
	41	Recommends: cryptsetup, dmsetup
	42	Description: Allow users to claim directories on file systems
	43	Machines sometimes have storage devices with useful special properties --
	44	such as high performance, or secure erasure on power failure. Rather than
	45	set the root of such a filesystem world-writable and sticky, thereby making
	46	another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
	47	claim directories on such filesystems via `userv'. A newly claimed
	48	directory is named after the calling user, and created readable and writable
	49	only by the calling user -- so he or she can relax the permissions later if
	50	necessary.
	51	.
	52	A script `mount-ephemeral' is included which allows the construction of an
	53	ephemeral filesystem -- one which is backed by normal storage (typically in
	54	`/tmp'), but encrypted using a temporary key which will be lost at reboot.
	55	This script can be used to build a safe place for the storage of
	56	temporary secrets.