What is Linux kernel keystore and why you should use it... - Ignat Korchagin - JOTB24

Published: 30 July 2024
on channel: J On The Beach

Did you know that Linux has a full-featured keystore ready to be used by any application or service it runs? Applications can securely store and share credentials, secrets and cryptographic keys, sign and encrypt data, and negotiate a common encryption key, all without ever touching a single byte of the underlying cryptographic material.

This is especially useful in post-Heartbleed and cloud-native environments, where services authenticate and securely talk to each other using some kind of credentials. But if a network-facing service also holds a secret in its process address space, it sets itself up for a security failure, as any potential out-of-bounds memory access vulnerability may allow the secret to be leaked. Imagine a world where you don’t have to run an SSH agent just to protect your SSH keys.

On top of keeping your secrets secret, the Linux keystore integrates nicely with specialized security hardware, like TPMs and HSMs, and may provide a single entry point on the system for applications to obtain their secrets. Thus the Linux keystore is a very useful building block for a corporate key management system.
