mdw@git.distorted.org.uk Git - distorted-keys/blob - debian/control

   1 Source: distorted-keys
   2 Section: utils
   3 Priority: optional
   4 Maintainer: Mark Wooding <mdw@distorted.org.uk>
   5 Build-Depends: python (>= 2.5), debhelper (>= 8.1.2)
   6 Standards-Version: 3.1.1
   7
   8 Package: distorted-keys-base
   9 Architecture: all
  10 Depends: openssl (>= 0.9.8o)
  11 Recommends: gnupg, claim-dir
  12 Suggests: seccure
  13 Description: Underlying machinery for distorted.org.uk key-management system.
  14  This package contains the libraries and key-type definitions for the
  15  distorted.org.uk key-management system.  It also contains a script suitable
  16  for doing public-key operations without any of the `userv' machinery
  17  required by the full system.  It might therefore be useful to install this
  18  package on satellite systems, even if they don't have the full system.
  19
  20 Package: distorted-keys
  21 Architecture: all
  22 Depends: distorted-keys-base, python (>= 2.5), userv, adduser, qrencode
  23 Suggests: texlive-latex-recommended
  24 Description: Basic key-management system with secure recovery features.
  25  The primary purpose of the distorted.org.uk key management system is
  26  to provide a secure way of recovering important cryptographic keys,
  27  e.g., keys for decrypting backup volumes, in the event of a disaster.
  28  .
  29  Because it was technically fairly easy, given this infrastructure, the
  30  system also allows users to generate and use their own keys, without
  31  revealing the actual key data, on the theory that, what a user program
  32  doesn't know, it can't leak.
  33  .
  34  This system doesn't actually do very much cryptography itself.  Instead,
  35  it uses other existing implementations, such as GnuPG, OpenSSL, and
  36  Seccure.
  37
  38 Package: claim-dir
  39 Architecture: all
  40 Depends: userv
  41 Recommends: cryptsetup, dmsetup
  42 Description: Allow users to claim directories on file systems
  43  Machines sometimes have storage devices with useful special properties --
  44  such as high performance, or secure erasure on power failure.  Rather than
  45  set the root of such a filesystem world-writable and sticky, thereby making
  46  another filesystem as hard to use safely as `/tmp', `claim-dir' lets users
  47  claim directories on such filesystems via `userv'.  A newly claimed
  48  directory is named after the calling user, and created readable and writable
  49  only by the calling user -- so he or she can relax the permissions later if
  50  necessary.
  51  .
  52  A script `mount-ephemeral' is included which allows the construction of an
  53  ephemeral filesystem -- one which is backed by normal storage (typically in
  54  `/tmp'), but encrypted using a temporary key which will be lost at reboot.
  55  This script can be used to build a safe place for the storage of
  56  temporary secrets.