Commit | Line | Data |
---|---|---|
f012ad83 MW | 1 | Source: distorted-keys |
2 | Section: utils | |
3 | Priority: optional | |
4 | Maintainer: Mark Wooding <mdw@distorted.org.uk> | |
5 | Build-Depends: python (>= 2.5), debhelper (>= 8.1.2) | |
6 | Standards-Version: 3.1.1 | |
7 | ||
8 | Package: distorted-keys | |
9 | Architecture: all | |
10 | Depends: python (>= 2.5), userv, openssl (>= 0.9.8o), adduser | |
125f634c | 11 | Recommends: gnupg, claim-dir |
f012ad83 MW | 12 | Suggests: seccure, texlive-latex-recommended, qrencode |
13 | Description: Basic key-management system with secure recovery features. | |
14 | The primary purpose of the distorted.org.uk key management system is | |
15 | to provide a secure way of recovering important cryptographic keys, | |
16 | e.g., keys for decrypting backup volumes, in the event of a disaster. | |
17 | . | |
18 | Because it was technically fairly easy, given this infrastructure, the | |
19 | system also allows users to generate and use their own keys, without | |
20 | revealing the actual key data, on the theory that, what a user program | |
21 | doesn't know, it can't leak. | |
22 | . | |
23 | This system doesn't actually do very much cryptography itself. Instead, | |
24 | it uses other existing implementations, such as GnuPG, OpenSSL, and | |
25 | Seccure. | |
33aa94e8 MW | 26 | |
27 | Package: claim-dir | |
28 | Architecture: all | |
29 | Depends: userv | |
30 | Recommends: cryptsetup, dmsetup | |
31 | Description: Allow users to claim directories on file systems | |
32 | Machines sometimes have storage devices with useful special properties -- | |
33 | such as high performance, or secure erasure on power failure. Rather than | |
34 | set the root of such a filesystem world-writable and sticky, thereby making | |
35 | another filesystem as hard to use safely as `/tmp', `claim-dir' lets users | |
36 | claim directories on such filesystems via `userv'. A newly claimed | |
37 | directory is named after the calling user, and created readable and writable | |
38 | only by the calling user -- so he or she can relax the permissions later if | |
39 | necessary. | |
40 | . | |
41 | A script `mount-ephemeral' is included which allows the construction of an | |
42 | ephemeral filesystem -- one which is backed by normal storage (typically in | |
43 | `/tmp'), but encrypted using a temporary key which will be lost at reboot. | |
44 | This script can be used to build a safe place for the storage of | |
45 | temporary secrets. |