On Wednesday, 16 January 2019 01:18:09 GMT David Edmundson wrote:
> > Then it starts DBus interface where the
> > original GUI program can request execution of various partitioning commands
> > as root. These requests are
> > RSA signed by the GUI program and come with a cryptographic nonce which
> > prevents replaying them.
>
> Why?
>
> You can correctly identify the sender of the gui app that spawned us and
> you can verify that any new requests are from that sender. See QDBusContext.
> DBus base service names are always unique and not something that could be
> faked on the system bus.

Hi David,

I was not aware of QDBusContext. I'll have to read its documentation. Thanks for the suggestion!

I think last time I asked, nobody mentioned it. In fact it was the opposite. At that time I didn't have RSA yet, I was just sending some shared secret via DBus and somebody said this is not secure, and it is better to use public key cryptography.

I am planning to eventually use QCA for other stuff (I think it supports secure memory for storing LUKS passphrase), so I thought QCA is not a big dependency.

Any thoughts on the name?

Andrius

>
> David
>
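
The sender check suggested in the quoted reply, modelled in plain C++ without Qt so that it runs stand-alone. This is an added example, not part of the original message or of the project's code. `SenderGate`, the bus names and the assumption that the helper is handed the spawning GUI's unique name at start-up are hypothetical; in a Qt helper the sender string would come from `QDBusContext::message().service()`.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Syntax check for a D-Bus unique connection name such as ":1.42":
// leading ':', two or more non-empty '.'-separated elements of [A-Za-z0-9_-].
bool isUniqueBusName(const std::string& name) {
    if (name.empty() || name.size() > 255 || name[0] != ':') return false;
    std::size_t dots = 0, elemLen = 0;
    for (std::size_t i = 1; i < name.size(); ++i) {
        const unsigned char c = static_cast<unsigned char>(name[i]);
        if (c == '.') {
            if (elemLen == 0) return false;   // empty element
            ++dots;
            elemLen = 0;
        } else {
            if (!std::isalnum(c) && c != '_' && c != '-') return false;
            ++elemLen;
        }
    }
    return elemLen > 0 && dots >= 1;
}

class SenderGate {   // hypothetical helper-side class, not a Qt or kpmcore type
public:
    explicit SenderGate(const std::string& spawner)
        : pinned_(isUniqueBusName(spawner) ? spawner : std::string()) {}
    // Accept a request only if the bus-supplied sender is the pinned peer.
    bool authorize(const std::string& s) const { return !pinned_.empty() && s == pinned_; }
    // Feed NameOwnerChanged here. An empty new owner means the peer left the
    // bus; unique names are never reused, so the gate stays closed afterwards.
    void nameOwnerChanged(const std::string& name, const std::string& newOwner) {
        if (name == pinned_ && newOwner.empty()) pinned_.clear();
    }
private:
    std::string pinned_;
};

// Constructed scenario: one '1' (accepted) or '0' (rejected) per request.
std::string scenario() {
    SenderGate gate(":1.42");                              // GUI that spawned the helper
    std::string out(1, gate.authorize(":1.42") ? '1' : '0');  // the spawner itself
    out += gate.authorize(":1.57") ? '1' : '0';            // another bus client
    out += gate.authorize("org.example.Gui") ? '1' : '0';  // well-known name, not a unique one
    gate.nameOwnerChanged(":1.42", "");                    // GUI disconnected
    out += gate.authorize(":1.42") ? '1' : '0';            // gate is now closed
    return out;
}
int main() { std::cout << scenario() << "\n"; }
```

The sender field is filled in by the bus daemon rather than by the caller, which is why the comparison needs no signature or nonce from the client.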
