Source: distorted-keys
Section: utils
Priority: optional
Maintainer: Mark Wooding <mdw@distorted.org.uk>
Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
Standards-Version: 3.1.1

Package: distorted-keys-base
Architecture: all
Depends: openssl (>= 0.9.8o)
Recommends: gnupg, claim-dir
Suggests: seccure
Description: Underlying machinery for distorted.org.uk key-management system.
 This package contains the libraries and key-type definitions for the
 distorted.org.uk key-management system. It also contains a script suitable
 for doing public-key operations without any of the `userv' machinery
 required by the full system. It might therefore be useful to install this
 package on satellite systems, even if they don't have the full system.

Package: distorted-keys
Architecture: all
Depends: distorted-keys-base, python (>= 2.5), userv, adduser, qrencode
Suggests: texlive-latex-recommended
Description: Basic key-management system with secure recovery features.
 The primary purpose of the distorted.org.uk key management system is
 to provide a secure way of recovering important cryptographic keys,
 e.g., keys for decrypting backup volumes, in the event of a disaster.
 .
 Because it was technically fairly easy, given this infrastructure, the
 system also allows users to generate and use their own keys, without
 revealing the actual key data, on the theory that, what a user program
 doesn't know, it can't leak.
 .
 This system doesn't actually do very much cryptography itself. Instead,
 it uses other existing implementations, such as GnuPG, OpenSSL, and
 Seccure.

Package: claim-dir
Architecture: all
Depends: userv
Recommends: cryptsetup, dmsetup
Description: Allow users to claim directories on file systems
 Machines sometimes have storage devices with useful special properties --
 such as high performance, or secure erasure on power failure. Rather than
 set the root of such a filesystem world-writable and sticky, thereby making
 another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
 claim directories on such filesystems via `userv'. A newly claimed
 directory is named after the calling user, and created readable and writable
 only by the calling user -- so he or she can relax the permissions later if
 necessary.
 .
 A script `mount-ephemeral' is included which allows the construction of an
 ephemeral filesystem -- one which is backed by normal storage (typically in
 `/tmp'), but encrypted using a temporary key which will be lost at reboot.
 This script can be used to build a safe place for the storage of
 temporary secrets.