Source: distorted-keys Section: utils Priority: optional Maintainer: Mark Wooding Build-Depends: python (>= 2.5), debhelper (>= 8.1.2) Standards-Version: 3.1.1 Package: distorted-keys-base Architecture: all Depends: openssl (>= 0.9.8o) Recommends: gnupg, claim-dir Suggests: seccure Description: Underlying machinery for distorted.org.uk key-management system. This package contains the libraries and key-type definitions for the distorted.org.uk key-management system. It also contains a script suitable for doing public-key operations without any of the `userv' machinery required by the full system. It might therefore be useful to install this package on satellite systems, even if they don't have the full system. Package: distorted-keys Architecture: all Depends: distorted-keys-base, python (>= 2.5), userv, adduser Suggests: texlive-latex-recommended, qrencode Description: Basic key-management system with secure recovery features. The primary purpose of the distorted.org.uk key management system is to provide a secure way of recovering important cryptographic keys, e.g., keys for decrypting backup volumes, in the event of a disaster. . Because it was technically fairly easy, given this infrastructure, the system also allows users to generate and use their own keys, without revealing the actual key data, on the theory that, what a user program doesn't know, it can't leak. . This system doesn't actually do very much cryptography itself. Instead, it uses other existing implementations, such as GnuPG, OpenSSL, and Seccure. Package: claim-dir Architecture: all Depends: userv Recommends: cryptsetup, dmsetup Description: Allow users to claim directories on file systems Machines sometimes have storage devices with useful special properties -- such as high performance, or secure erasure on power failure. Rather than set the root of such a filesystem world-writable and sticky, thereby making another filesystem as hard to use safely as `/tmp', `claim-dir' lets users claim directories on such filesystems via `userv'. A newly claimed directory is named after the calling user, and created readable and writable only by the calling user -- so he or she can relax the permissions later if necessary. . A script `mount-ephemeral' is included which allows the construction of an ephemeral filesystem -- one which is backed by normal storage (typically in `/tmp'), but encrypted using a temporary key which will be lost at reboot. This script can be used to build a safe place for the storage of temporary secrets.