RFC: deprecating crypto usage in secret-service
Thomas Kluyver
thomas at kluyver.me.uk
Mon Aug 24 09:10:01 UTC 2020
It's not clear to me that using file descriptors fulfils the same goal as the encryption mechanism. The secret service spec [1] suggests that the goal is for swappable memory to contain encrypted (rather than plaintext) secrets. Passing the secret over a separate channel wouldn't seem to do that - though I guess there would be one fewer copy of the data, as the bus daemon doesn't see it.
Approaching it from another angle, what threat would this protect against which could otherwise steal data from D-Bus over unix sockets? I think it would have to be something which can listen to another connection but not connect itself, but I don't know of a scenario where that's possible.
Passing file descriptors is only possible over Unix sockets, as far as I know, so it wouldn't be usable on Windows, though I don't know how big a concern that is.
Thomas
[1] https://specifications.freedesktop.org/secret-service/latest/ch07.html
On Sun, 23 Aug 2020, at 18:46, Daiki Ueno wrote:
> Hello,
>
> Currently, the secret-service protocol suggests two mechanisms
> ("algorithms" in the specification) to transfer secrets: "plain" and
> "dh-ietf1024-sha256-aes128-cbc-pkcs7".
>
> The former sends secret data in plaintext, while the latter transmits
> the data in an encrypted form, using a mechanism similar to to TLS.
> Although this works well so far and the algorithm choice is ok-ish, the
> custom encryption protocol requires low-level crypto primitives and the
> used crypto algorithm, the 1024-bit 'Second Oakley Group', is being
> deprecated[1].
>
> At the D-Bus level, there is more secure mechanism to transfer sensitive
> data without imposing crypto: file descriptor passing. I suggest
> replacing the existing mechanism with it at least on the platforms where
> file descriptor passing is available.
>
> I have submitted a draft MR:
> https://gitlab.freedesktop.org/xdg/xdg-specs/-/merge_requests/33
>
> Is there any concerns / suggestions on this?
>
> Regards,
>
> Footnotes:
> [1] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
>
> _______________________________________________
> xdg mailing list
> xdg at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/xdg
>
More information about the xdg
mailing list