Proposal for a Desktop Neutral Crypto API
Nate Nielsen
nielsen-list at memberwebs.com
Sat Apr 2 01:58:21 EEST 2005
Mike Hearn wrote:
> Hmm, why is this a "DBUS API", which forces the use of IPC instead of a
> shared library? I don't think using a separate process for doing things
> like encrypting text blocks is wise from a performance perspective.
>
> I might have misunderstood the goals of this service though.
Well, here's some of the reasoning behind that. Many of the following
are things that can be accomplished with a shared library, but are just
so very much simpler when approaching it from a clean DBUS service
perspective.
- Caching of security sensitive information, in one or a pair of
processes rather than many. This process can be designed to
protect passphrases and the like. Things like starting the process
setuid root, (and then dropping all privileges) allow the implementor
to use non-pageable memory.
- A continuity in the encyption experience which allows notification
icons (let's say for cached passphrases, log output windows), and the
like.
- To allow the various implementors to use different toolkits and
libraries and to avoid implementation details and requirements
leaking. This allows each desktop to implement the API according to
their own coding style. An important factor if this is to gain
traction in the myriad of applications that require encryption
services.
- It's clean and simple. Doesn't bring dependencies into the calling
program. Allows swapping of implementations when the user / admin /
distro requires. It's much more flexible and allows new features to
be developed independently of the API.
- Allows the simple integration of encryption hardware, like biometrics
or card readers.
- It makes real time updates and state information real easy. Say the
user adds a new key, it should show up immediately in whatever apps
are displaying key lists. Sure a library could do this, but would
involve an internal IPC connection as well as a daemon running
anyway.
- Performance: Most of the current Linux encryption packages (ie: gpg,
gpgsm) already use IPC exclusively. You'll also note there's two sets
of encryption interfaces. One is text based and the other file based.
Performance aspects of the API proposal can be fine tuned easily
(perhaps with a third unix-socket based interface?). In any case this
is a problem that can be solved regardless of IPC.
Given that many applications and desktops already each have their own
encryption solution going, an effort like this needs to be as
transparent and simple as possible implementation-wise in order to go
anywhere.
Cheers,
Nate
More information about the xdg
mailing list