Source: distorted-keys
Section: utils
Priority: optional
Maintainer: Mark Wooding <mdw@distorted.org.uk>
Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
Standards-Version: 3.1.1

Package: distorted-keys
Architecture: all
Depends: python (>= 2.5), userv, openssl (>= 0.9.8o), adduser
Recommends: gnupg
Suggests: seccure, texlive-latex-recommended, qrencode
Description: Basic key-management system with secure recovery features.
 The primary purpose of the distorted.org.uk key management system is
 to provide a secure way of recovering important cryptographic keys,
 e.g., keys for decrypting backup volumes, in the event of a disaster.
 .
 Because it was technically fairly easy, given this infrastructure, the
 system also allows users to generate and use their own keys, without
 revealing the actual key data, on the theory that, what a user program
 doesn't know, it can't leak.
 .
 This system doesn't actually do very much cryptography itself. Instead,
 it uses other existing implementations, such as GnuPG, OpenSSL, and
 Seccure.

Package: claim-dir
Architecture: all
Depends: userv
Recommends: cryptsetup, dmsetup
Description: Allow users to claim directories on file systems
 Machines sometimes have storage devices with useful special properties --
 such as high performance, or secure erasure on power failure. Rather than
 set the root of such a filesystem world-writable and sticky, thereby making
 another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
 claim directories on such filesystems via `userv'. A newly claimed
 directory is named after the calling user, and created readable and writable
 only by the calling user -- so he or she can relax the permissions later if
 necessary.
 .
 A script `mount-ephemeral' is included which allows the construction of an
 ephemeral filesystem -- one which is backed by normal storage (typically in
 `/tmp'), but encrypted using a temporary key which will be lost at reboot.
 This script can be used to build a safe place for the storage of
 temporary secrets.