Re: gnome-keyring [RFC 0/2] Use the TPM as a key store for keyring signing keys



On Thu, 2017-01-12 at 13:06 +0100, Stef Walter wrote:
The thing is we'd like to get out of the business of doing SSH stuff in
gnome-keyring itself:

https://bugzilla.gnome.org/show_bug.cgi?id=775981

If the above were implemented would it solve your use case?

Not really.  Unfortunately ssh-agent doesn't have a back end store, so
it insists on having the private keys passed in by ssh-add (which ssh
agent does by the component primes).  This basically makes ssh-agent
incompatible with any hardware-based key.  That's not to say it can't
be fixed, but the reason gnome-keyring was the number one target for
this is because the architecture makes it easy.

James
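
The ssh-add to agent hand-off described in the reply above, as an added example that is not part of the original message or of either project's code: it builds and parses the `SSH_AGENTC_ADD_IDENTITY` request for an RSA key, using the field order from the SSH agent protocol draft (draft-miller-ssh-agent). The toy key and comment are constructed, and the function names are this example's own.

```python
import struct

SSH_AGENTC_ADD_IDENTITY = 17                    # message number in the agent protocol draft
RSA_FIELDS = ("n", "e", "d", "iqmp", "p", "q")  # wire order for an "ssh-rsa" key

def put_string(data):
    return struct.pack(">I", len(data)) + data

def put_mpint(value):
    # Non-negative mpint: minimal big-endian bytes, with a leading zero byte
    # when the top bit would otherwise be set; zero is the empty string.
    if value == 0:
        return put_string(b"")
    return put_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def build_add_identity(key, comment):
    """Frame the request ssh-add sends: uint32 length, type byte, key fields, comment."""
    body = bytes([SSH_AGENTC_ADD_IDENTITY]) + put_string(b"ssh-rsa")
    for name in RSA_FIELDS:
        body += put_mpint(key[name])
    return put_string(body + put_string(comment.encode()))

def parse_add_identity(msg):
    """Recover every RSA field, private ones included, from the framed request."""
    body, pos = msg[4:], 1
    if len(msg) < 5 or struct.unpack(">I", msg[:4])[0] != len(body):
        raise ValueError("bad length prefix")
    if body[0] != SSH_AGENTC_ADD_IDENTITY:
        raise ValueError("not SSH_AGENTC_ADD_IDENTITY")
    fields = []
    for _ in range(len(RSA_FIELDS) + 2):         # key type, six mpints, comment
        if pos + 4 > len(body):
            raise ValueError("truncated field")
        (n,) = struct.unpack(">I", body[pos:pos + 4])
        if pos + 4 + n > len(body):
            raise ValueError("truncated field")
        fields.append(body[pos + 4:pos + 4 + n])
        pos += 4 + n
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    key = {name: int.from_bytes(raw, "big") for name, raw in zip(RSA_FIELDS, fields[1:7])}
    return key, fields[7].decode()

# Constructed toy key (far too small for real use) and constructed comment.
P, Q, E, D = 61, 53, 17, 2753
TOY_KEY = {"n": P * Q, "e": E, "d": D, "iqmp": pow(Q, -1, P), "p": P, "q": Q}

if __name__ == "__main__":
    parsed, comment = parse_add_identity(build_add_identity(TOY_KEY, "toy@example"))
    print(comment, {k: parsed[k] for k in ("d", "p", "q")})
```

The parsed result contains d, p and q in the clear, which is the material a TPM-resident key never exposes to the caller.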



