On Wed, Mar 28, 2007 at 04:34:21PM +0100, Darren J Moffat wrote: > Bill Sommerfeld wrote: > >I'm a little confused about exactly who becomes responsible for > >encrypting the sensitive credential in this case -- is it SMF or is it > >the individual service? > > > >I'm uncomfortable with leaving this to the individual service (since it > >effectively forces each service to reinvent their own wheel), especially > >without very specific guidance in the SMF documentation. > > and where is the decryption key (or PIN to authenticate to the keystore) > going to come from during boot ?
Having a key hierarchy rooted at a very small number of keys will make it practical to store such keys in the OBP (as in WANboot) or in the TPM (when we get support for that) or other token. Until then and on systems that lack such key storage tokens encrypting passwords and secret keys will amount to scrambling. Given that ISTM that asking SMF to encrypt read-sensitive values is probably not helpful at this time, that it can always be added later, provided that consumers get plaintext from SMF now and don't apply their own scrambling.
