chiark / gitweb /
Makefile: Install configuration files.
[distorted-keys] / debian / control
1Source: distorted-keys
2Section: utils
3Priority: optional
4Maintainer: Mark Wooding <>
5Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
6Standards-Version: 3.1.1
315ad13e 8Package: distorted-keys-base
f012ad83 9Architecture: all
315ad13e 10Depends: openssl (>= 0.9.8o)
125f634c 11Recommends: gnupg, claim-dir
12Suggests: seccure
13Description: Underlying machinery for key-management system.
14 This package contains the libraries and key-type definitions for the
15 key-management system. It also contains a script suitable
16 for doing public-key operations without any of the `userv' machinery
17 required by the full system. It might therefore be useful to install this
18 package on satellite systems, even if they don't have the full system.
20Package: distorted-keys
21Architecture: all
22Depends: distorted-keys-base, python (>= 2.5), userv, adduser
23Suggests: texlive-latex-recommended, qrencode
24Description: Basic key-management system with secure recovery features.
25 The primary purpose of the key management system is
26 to provide a secure way of recovering important cryptographic keys,
27 e.g., keys for decrypting backup volumes, in the event of a disaster.
28 .
29 Because it was technically fairly easy, given this infrastructure, the
30 system also allows users to generate and use their own keys, without
31 revealing the actual key data, on the theory that, what a user program
32 doesn't know, it can't leak.
33 .
34 This system doesn't actually do very much cryptography itself. Instead,
35 it uses other existing implementations, such as GnuPG, OpenSSL, and
36 Seccure.
38Package: claim-dir
39Architecture: all
40Depends: userv
41Recommends: cryptsetup, dmsetup
42Description: Allow users to claim directories on file systems
43 Machines sometimes have storage devices with useful special properties --
44 such as high performance, or secure erasure on power failure. Rather than
45 set the root of such a filesystem world-writable and sticky, thereby making
46 another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
47 claim directories on such filesystems via `userv'. A newly claimed
48 directory is named after the calling user, and created readable and writable
49 only by the calling user -- so he or she can relax the permissions later if
50 necessary.
51 .
52 A script `mount-ephemeral' is included which allows the construction of an
53 ephemeral filesystem -- one which is backed by normal storage (typically in
54 `/tmp'), but encrypted using a temporary key which will be lost at reboot.
55 This script can be used to build a safe place for the storage of
56 temporary secrets.