Passing sensitive data over D-Bus

Milan Bouchet-Valat nalimilan at club.fr
Tue Nov 10 03:40:43 PST 2009


On Monday 09 November 2009 at 17:50 -0600, Stef Walter wrote:
> In gnome-keyring one of our goals is to keep passwords out of pageable
> memory [1]. Not that this matters for all passwords, but it does matter
> for some.
It does matter for Unix users' passwords, obviously. Though I don't think
anything has ever been done in this direction in the GNOME System Tools.
That's less of a problem than in the keyring, since typically we're only
run once in a while. But that should ideally be done that way, yes.

> In the new Secret Service DBus API, we'll be using DH key agreement for
> encrypting passwords as they pass through DBus, or between processes.
> 
> Thought you might be interested. Just one option...
How do you implement that? It would be good to have if we want to allow
the messages to go over the network. That's not a critical feature
because AFAIK that does not really work currently, but it could be good
to have. I'm wondering how complex this is to implement, given that we
have C on one side of the bus, and Perl on the other side.


Regards


