  1. #1
    Just Joined!
    Join Date
    May 2009
    Posts
    1

    Post :: Cryptography on Linux ::


    I need to develop a system which interacts with a web service by sending encrypted information to it on Linux. Kindly help me with my queries:

    a) Linux does not provide CSP (Cryptographic Service Provider) as in Windows, so who is responsible for handling keys?

    b) If everything in Linux is a file, the private keys used in PKI will also be saved as a file. Is it the only approach we have, or is there any other secure way?

    c) We want our system to be used by any user (admin/non-admin/root), so how do we go about achieving it if we restrict access to the private keys?

    d) We need to use OpenPGP or OpenSSL libraries for encryption/decryption, correct?

    e) What is the best way to go about solving this issue of key management on Linux?

    Thanks in Advance.
    Last edited by manas4u; 05-20-2009 at 05:50 PM. Reason: More questions added

  2. #2
    Linux User
    Join Date
    May 2009
    Location
    Big River, Sask, Canada
    Posts
    342
    Registered Linux User #420832

  3. #3
    Linux Engineer Thrillhouse's Avatar
    Join Date
    Jun 2006
    Location
    Arlington, VA, USA
    Posts
    1,377
    Quote: Originally posted by manas4u
    a) Linux does not provide CSP (Cryptographic Service Provider) as in Windows, so who is responsible for handling keys?
    You are. CSP itself (or CAPI, to be more specific) is not responsible for key management. It's simply a programming interface into some of the more popular cryptography algorithms.
    b) If everything in Linux is a file, the private keys used in PKI will also be saved as a file. Is it the only approach we have, or is there any other secure way?
    Put it this way: any key management approach you can think of for Windows can be implemented in Linux. Key management is a platform-independent problem, so if you're not comfortable with keeping the private key in a secure directory with limited permissions, maybe you can try something more elaborate like saving the key to a USB token and giving the owner of that token possession of it.
    c) We want our system to be used by any user (admin/non-admin/root), so how do we go about achieving it if we restrict access to the private keys?
    Why should the keypair(s) be shared between users? Why not give each user their own? If you give multiple users access to the same private key, you sacrifice one of the key features of public key cryptography: non-repudiation. Any user can send off a message signed with that private key and blame it on one of the other users who also has access to it. This may or may not be a concern of yours, but the correct way of doing things would be to give each user who should have access to this system their own keypair.
    d) We need to use OpenPGP or OpenSSL libraries for encryption/decryption, correct?
    You don't have to, but those are two libraries that have been thoroughly reviewed by the cryptography community and are considered viable.
    e) What is the best way to go about solving this issue of key management on Linux?
    There really is no "best" way. There's only the way that best suits your system. From your post, I don't know if we have enough information to determine the best approach.
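
The "secure directory with limited permissions" and one-keypair-per-user approach from the reply above, as an added example that is not part of any post in this thread. It creates an owner-only per-user key directory and audits a key file's ownership and mode; the function names, the `alice` user name and the placeholder key bytes are assumptions made for illustration.

```python
import os
import stat
import tempfile

def create_user_keystore(base_dir, username):
    """Create a per-user key directory that only its owner can enter."""
    path = os.path.join(base_dir, username)
    os.mkdir(path, 0o700)
    os.chmod(path, 0o700)  # enforce the mode regardless of the umask
    return path

def write_private_key(path, key_bytes):
    """Create the key file owner-only from the start; never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as handle:
        handle.write(key_bytes)

def audit_private_key(path, expected_uid=None):
    """Return a list of storage problems; an empty list means none found."""
    uid = os.getuid() if expected_uid is None else expected_uid
    problems = []
    info = os.lstat(path)  # lstat: do not follow a symlink planted at path
    if not stat.S_ISREG(info.st_mode):
        return ["key path is not a regular file"]
    if info.st_uid != uid:
        problems.append("key is not owned by the expected user")
    if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key is accessible by group or others")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != uid:
        problems.append("key directory is not owned by the expected user")
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("key directory is writable by group or others")
    return problems

def demo():
    """Build a keystore in a temp dir, audit it, loosen it, audit again."""
    with tempfile.TemporaryDirectory() as base:
        store = create_user_keystore(base, "alice")  # constructed user name
        key = os.path.join(store, "private.pem")
        # Placeholder bytes, not a real key: only the file handling matters.
        write_private_key(key, b"CONSTRUCTED-PLACEHOLDER-NOT-A-KEY\n")
        strict = audit_private_key(key)
        os.chmod(key, 0o644)  # the common mistake: world-readable key
        loose = audit_private_key(key)
    return {"strict": strict, "loose": loose}

if __name__ == "__main__":
    print(demo())
```

File modes do not restrict root, so a key that must stay out of an administrator's reach needs something like the USB token mentioned in the reply.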

  4. #4
    Linux Newbie
    Join Date
    May 2007
    Posts
    106
    Have you ruled out GNU Privacy Guard for some reason? It is very useful for this type of task.
