On Tue, 2014-02-04 at 09:05 +0000, Mark De Roussier wrote: > Hi Alexander, > > I am not really familiar with gSSO. On the face of it, gSSO itself is > not what I mean. It's focused on credentials, and I had put it in my > 'authentication tool' category. I think I'm interested in something > more general. But it's interesting that gSSO is using eCryptfs. That > answers a bunch of questions I had :). So if eCryptfs works with > Tizen, then ( as a sweeping generalization ) it should be possible for > something ( a 'user profile manager', or 'secure storage manager', or > something like that ) to maintain differently keyed storage areas > corresponding to different user profiles.
Having an encyption mechanism (like eCryptfs) supported by Tizen is one aspect. The other is key handling for unlocking an encrypted directory or file. This is where gSSO might be useful. Regarding gSSO + eCryptfs: I have some doubts whether eCryptfs is really used on Tizen. We don't seem to have ecryptfs-utils as project in gerrit and the gSSO .spec doesn't ask for it, so gSSO configure will disable the use of libecryptfs, right? Question to the security team: do you think that eCryptfs is secure (assuming that key handling can be sorted out) and suitable at least for some use cases (probably the ones which are not performance critical)? I suspect that for performance and reliability critical use cases, like encrypting our sqlite databases, we will need something else. A quick search for "encrypting sqlite" leads to several solutions, the most promising being http://sqlcipher.net/ Any thoughts on that one? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ IVI mailing list [email protected] https://lists.tizen.org/listinfo/ivi
