Re: Heimdal/AFS Master Key Coordination



"Henry B. Hotz" <hotz@jpl.nasa.gov> writes:

> Now about the hpropd: Does it encrypt the database using the master
> key in the stash file?

No, hpropd is really simple; it just reads entries and writes them to
the database. It doesn't know much of anything.

> There was a recent post to the effect that hpropd couldn't tell if
> it was getting encrypted data or not.

An application that requires access to key material will decrypt if
necessary. In fact, you can have keys encrypted with different master
keys, and unencrypted keys in the same database (not that I recommend
that).

> So the kaserver DB is unencrypted; the Heimdal DB is encrypted.
> When/how is the encryption with the Heimdal master key done?

By hprop, if used with --encrypt.

/Johan