| | 1 | Source: distorted-keys |
| | 2 | Section: utils |
| | 3 | Priority: optional |
| | 4 | Maintainer: Mark Wooding <mdw@distorted.org.uk> |
| | 5 | Build-Depends: python (>= 2.5), debhelper (>= 8.1.2) |
| | 6 | Standards-Version: 3.1.1 |
| | 7 | |
| | 8 | Package: distorted-keys |
| | 9 | Architecture: all |
| | 10 | Depends: python (>= 2.5), userv, openssl (>= 0.9.8o), adduser |
| | 11 | Recommends: gnupg, claim-dir |
| | 12 | Suggests: seccure, texlive-latex-recommended, qrencode |
| | 13 | Description: Basic key-management system with secure recovery features. |
| | 14 | The primary purpose of the distorted.org.uk key management system is |
| | 15 | to provide a secure way of recovering important cryptographic keys, |
| | 16 | e.g., keys for decrypting backup volumes, in the event of a disaster. |
| | 17 | . |
| | 18 | Because it was technically fairly easy, given this infrastructure, the |
| | 19 | system also allows users to generate and use their own keys, without |
| | 20 | revealing the actual key data, on the theory that, what a user program |
| | 21 | doesn't know, it can't leak. |
| | 22 | . |
| | 23 | This system doesn't actually do very much cryptography itself. Instead, |
| | 24 | it uses other existing implementations, such as GnuPG, OpenSSL, and |
| | 25 | Seccure. |
| | 26 | |
| | 27 | Package: claim-dir |
| | 28 | Architecture: all |
| | 29 | Depends: userv |
| | 30 | Recommends: cryptsetup, dmsetup |
| | 31 | Description: Allow users to claim directories on file systems |
| | 32 | Machines sometimes have storage devices with useful special properties -- |
| | 33 | such as high performance, or secure erasure on power failure. Rather than |
| | 34 | set the root of such a filesystem world-writable and sticky, thereby making |
| | 35 | another filesystem as hard to use safely as `/tmp', `claim-dir' lets users |
| | 36 | claim directories on such filesystems via `userv'. A newly claimed |
| | 37 | directory is named after the calling user, and created readable and writable |
| | 38 | only by the calling user -- so he or she can relax the permissions later if |
| | 39 | necessary. |
| | 40 | . |
| | 41 | A script `mount-ephemeral' is included which allows the construction of an |
| | 42 | ephemeral filesystem -- one which is backed by normal storage (typically in |
| | 43 | `/tmp'), but encrypted using a temporary key which will be lost at reboot. |
| | 44 | This script can be used to build a safe place for the storage of |
| | 45 | temporary secrets. |
~mdw / distorted-keys / blame_incremental