[libsocialweb] keystore: Some documentation and cleanup of kernel keyring code

From: Rob Bradford <rbradford src gnome org>
To: commits-list gnome org
Cc:
Subject: [libsocialweb] keystore: Some documentation and cleanup of kernel keyring code
Date: Tue, 19 Apr 2011 18:13:17 +0000 (UTC)

commit 53da31f570daab625efa5733e8928dd7fecdcdd2
Author: Stef Walter <stefw collabora co uk>
Date:   Mon Apr 11 18:39:40 2011 +0200

    keystore: Some documentation and cleanup of kernel keyring code
    
    Fixes: https://bugs.meego.com/show_bug.cgi?id=16373

 configure.ac                 |    5 +++++
 examples/request-api-key.sh  |    2 +-
 libsocialweb-keystore/README |   14 ++++++++++++++
 3 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/configure.ac b/configure.ac
index ec89d98..7244083 100644
--- a/configure.ac
+++ b/configure.ac
@@ -124,6 +124,9 @@ AS_IF(
         AC_MSG_RESULT([no])
 )
 
+# ------------------------------------------------------------------------------
+# Kernel Keyring
+
 AC_MSG_CHECKING([whether to use kernel keyring via libkeyutils])
 AC_ARG_WITH([kernel-keyring], [AS_HELP_STRING([--with-kernel-keyring], [enable support for kernel keyring])],
             [], [with_kernel_keyring=yes])
@@ -151,6 +154,8 @@ AS_IF(
 AC_SUBST(KEYUTILS_CFLAGS)
 AC_SUBST(KEYUTILS_LIBS)
 
+# ------------------------------------------------------------------------------
+
 AC_ARG_ENABLE([all-services],[AS_HELP_STRING([--enable-all-services], [enable every service])],
               [], [enable_all_services=no])
 
diff --git a/examples/request-api-key.sh b/examples/request-api-key.sh
index 7491e5e..080ca38 100755
--- a/examples/request-api-key.sh
+++ b/examples/request-api-key.sh
@@ -9,5 +9,5 @@
 KEY="THEKEYHERE
 THESECRETHERE"
 
-echo "requesting key with args: $@" >> /tmp/request-api-key.log
+echo "requesting key with args: $@" >&2
 keyctl instantiate $1 "$KEY" $4 || exit 1
diff --git a/libsocialweb-keystore/README b/libsocialweb-keystore/README
index 7a26a9f..74aa78f 100644
--- a/libsocialweb-keystore/README
+++ b/libsocialweb-keystore/README
@@ -2,3 +2,17 @@ libsocialweb-keystore
 ===
 
 A simple library which provides access to web service API keys.
+
+
+--------------------------------------------------------------------------------
+                    KERNEL KEYRING OBFUSCATION (prototype)
+
+libsocialweb-keystore has the ability to lookup API keys in the linux kernel
+keyring. This allows obfuscation and obscurity for loaded API keys. This should
+not be seen as a security feature, but rather as an obscurity feature.
+
+To use the kernel keyring, configure libsocialweb with the --with-kernel-keyring
+option. Make sure libkeyutils (and development libraries) are installed.
+
+See examples/request-api-key.sh for an example of how to load these keys into
+the kernel keyring on demand.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]