Commit | Line | Data |
---|---|---|
f012ad83 MW | 1 | Source: distorted-keys |
| | 2 | Section: utils |
| | 3 | Priority: optional |
| | 4 | Maintainer: Mark Wooding <mdw@distorted.org.uk> |
| | 5 | Build-Depends: python (>= 2.5), debhelper (>= 8.1.2) |
| | 6 | Standards-Version: 3.1.1 |
| | 7 | |
315ad13e | 8 | Package: distorted-keys-base |
f012ad83 | 9 | Architecture: all |
315ad13e | 10 | Depends: openssl (>= 0.9.8o) |
125f634c | 11 | Recommends: gnupg, claim-dir |
315ad13e MW | 12 | Suggests: seccure |
| | 13 | Description: Underlying machinery for distorted.org.uk key-management system. |
| | 14 | This package contains the libraries and key-type definitions for the |
| | 15 | distorted.org.uk key-management system. It also contains a script suitable |
| | 16 | for doing public-key operations without any of the `userv' machinery |
| | 17 | required by the full system. It might therefore be useful to install this |
| | 18 | package on satellite systems, even if they don't have the full system. |
| | 19 | |
| | 20 | Package: distorted-keys |
| | 21 | Architecture: all |
ac1aec3a MW | 22 | Depends: distorted-keys-base, python (>= 2.5), userv, adduser, qrencode |
| | 23 | Suggests: texlive-latex-recommended |
f012ad83 MW | 24 | Description: Basic key-management system with secure recovery features. |
| | 25 | The primary purpose of the distorted.org.uk key management system is |
| | 26 | to provide a secure way of recovering important cryptographic keys, |
| | 27 | e.g., keys for decrypting backup volumes, in the event of a disaster. |
4120b1dd | 28 | . |
f012ad83 MW | 29 | Because it was technically fairly easy, given this infrastructure, the |
| | 30 | system also allows users to generate and use their own keys, without |
| | 31 | revealing the actual key data, on the theory that, what a user program |
| | 32 | doesn't know, it can't leak. |
| | 33 | . |
| | 34 | This system doesn't actually do very much cryptography itself. Instead, |
| | 35 | it uses other existing implementations, such as GnuPG, OpenSSL, and |
| | 36 | Seccure. |
33aa94e8 MW | 37 | |
| | 38 | Package: claim-dir |
| | 39 | Architecture: all |
| | 40 | Depends: userv |
| | 41 | Recommends: cryptsetup, dmsetup |
| | 42 | Description: Allow users to claim directories on file systems |
| | 43 | Machines sometimes have storage devices with useful special properties -- |
| | 44 | such as high performance, or secure erasure on power failure. Rather than |
| | 45 | set the root of such a filesystem world-writable and sticky, thereby making |
| | 46 | another filesystem as hard to use safely as `/tmp', `claim-dir' lets users |
| | 47 | claim directories on such filesystems via `userv'. A newly claimed |
| | 48 | directory is named after the calling user, and created readable and writable |
| | 49 | only by the calling user -- so he or she can relax the permissions later if |
| | 50 | necessary. |
| | 51 | . |
| | 52 | A script `mount-ephemeral' is included which allows the construction of an |
| | 53 | ephemeral filesystem -- one which is backed by normal storage (typically in |
| | 54 | `/tmp'), but encrypted using a temporary key which will be lost at reboot. |
| | 55 | This script can be used to build a safe place for the storage of |
| | 56 | temporary secrets. |