Slashdot Mirror


Secure Private Key Storage for UNIX?

An anonymous reader asks: "Microsoft Windows, from 2000 forward (except ME) offers secure certificate and private storage at the OS level in what is called a protected store. Offline, it's encrypted by a combination of the user's password and a session key stored on the filesystem. When the OS is running, the private keys stored are available to the logged in user, optionally encrypted with another password. The keys are stored in protected memory, so no applications can access them without going through the Microsoft CAPI calls. This code also is FIPS 140-1 level 1 (the best one can get for software cryptography modules) compliant." Does any other OS provide this kind of feature at the OS-level? If so, who? If not, why? This functionality (especially certified FIPS 140-1 or FIPS 140-2) would be nice to see in UNIX variants. MacOS's key-chain functionality is similar, but stores at the application level, and is not FIPS compliant. An implementation of the protected store functionality will allow applications like Firefox, Thunderbird and gpg to have one common place to obtain private keys and certificates rather than maintaining their own individual key-stores. An additional application for this would be the ability to use hardware PKCS #11 tokens.

"I am wondering why this functionality does not exist at the OS level in most OSes except Windows. A number of applications on many platforms have this functionality, but it's at the app level, with their own key-stores, and not a standard at the OS level."
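The at-rest half of the protected store described above, as an added illustration of the design rather than Microsoft's actual implementation or any code from this thread: a per-user random "session key" file on disk and the user's password are combined into a key-encryption key, and the private key blob is only readable when both are present. The PBKDF2 helper, the HMAC combination step, the AES-GCM blob format and the sample key bytes are all constructed for this example; the Windows store's real KDF, file layout and the in-memory brokering through CAPI are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// pbkdf2SHA256 derives dkLen bytes from password and salt per RFC 8018 (HMAC-SHA256).
// Written out here so the example has no dependency outside the standard library.
func pbkdf2SHA256(password, salt []byte, iter, dkLen int) []byte {
	out := make([]byte, 0, dkLen+sha256.Size)
	mac := hmac.New(sha256.New, password)
	for block := 1; len(out) < dkLen; block++ {
		var be [4]byte
		binary.BigEndian.PutUint32(be[:], uint32(block))
		mac.Reset()
		mac.Write(salt)
		mac.Write(be[:])
		u := mac.Sum(nil) // U_1
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_2 .. U_c, XORed into T
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:dkLen]
}

// ProtectedStore holds what lives on the filesystem while the user is logged out:
// a random per-user session key and the KDF parameters. Neither the password nor
// the derived key-encryption key is ever written to disk.
type ProtectedStore struct {
	SessionKey []byte // random 32 bytes kept in a user-owned file (constructed here)
	Salt       []byte
	Iterations int
}

func NewProtectedStore() (*ProtectedStore, error) {
	s := &ProtectedStore{SessionKey: make([]byte, 32), Salt: make([]byte, 16), Iterations: 100000}
	if _, err := rand.Read(s.SessionKey); err != nil {
		return nil, err
	}
	if _, err := rand.Read(s.Salt); err != nil {
		return nil, err
	}
	return s, nil
}

// kek binds the password-derived key to the on-disk session key, so a stolen
// password alone (or a stolen session-key file alone) cannot open the store.
func (s *ProtectedStore) kek(password string) []byte {
	pw := pbkdf2SHA256([]byte(password), s.Salt, s.Iterations, 32)
	mix := hmac.New(sha256.New, s.SessionKey)
	mix.Write(pw)
	return mix.Sum(nil)
}

var storeAAD = []byte("protected-store-v1") // constructed format label, authenticated but not encrypted

// Seal wraps a private key under AES-256-GCM; the output is nonce || ciphertext || tag.
func (s *ProtectedStore) Seal(password string, privateKey []byte) ([]byte, error) {
	block, err := aes.NewCipher(s.kek(password))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, privateKey, storeAAD), nil
}

// Open recovers the private key; GCM's tag check rejects a wrong password,
// a missing or altered session key, and any tampering with the blob.
func (s *ProtectedStore) Open(password string, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(s.kek(password))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, storeAAD)
	if err != nil {
		return nil, errors.New("wrong password, wrong session key, or corrupted blob")
	}
	return pt, nil
}

func main() {
	s, _ := NewProtectedStore()
	key := []byte("-----BEGIN PRIVATE KEY----- (constructed sample) -----END PRIVATE KEY-----")
	blob, _ := s.Seal("correct horse battery", key)
	got, err := s.Open("correct horse battery", blob)
	fmt.Printf("round trip ok: %v (err=%v)\n", string(got) == string(key), err)
	_, err = s.Open("wrong password", blob)
	fmt.Printf("wrong password rejected: %v\n", err != nil)
}
```

The point the question makes about "a combination of the user's password and a session key stored on the filesystem" is the `kek` step: an attacker who copies the user's home directory still needs the password, and one who phishes the password still needs the session-key file. What this does not give you is the other half of the Windows design, keys held in protected memory and handed to applications only through an API; that requires a privileged agent process that performs the private-key operations on the application's behalf instead of ever returning the key bytes.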

4 of 95 comments

  1. Re:Well duh.. by endofbroadcast · · Score: 0, Flamebait

    Oops. I confused your stupidity for ignorance. How about you keep up with the industry, bucko. Your personal opinion means nothing when going up against cold hard facts, you pompous, overbearing windbag. HP-UX is heavily used, and if you just don't want to accept that fact you can curl up with your security blanket, scream "Mama!" and wait for the anal thermometer, because you are a friggin' child. So chill with the semi-coherent B.S. and actually contribute to the discussion without being a total elitist nerd spitting out nonsense.

    Get with the program, buddy, and grow up.

    I AM in the know. I DO work for the government, and I KNOW what I'm talking about. Your snotnosed attitude merely shows that you're ignorant of the reality of the situation. Congratulations on proving just how stupid you really are. Bravo, buddy.

  2. Re:Well duh.. by QuantumG · · Score: 0, Flamebait

    "I DO work for the government"

    I can tell by your maturity.
    --
    How we know is more important than what we know.

  3. Re:Well duh.. by Anonymous Coward · · Score: 0, Flamebait

    Funny... I could tell from his lack thereof.

  4. Re:Well duh.. by endofbroadcast · · Score: 0, Flamebait

    What is that supposed to mean? Just because I called you out on your ignorance of the subject matter doesn't make me immature. It just makes me correct. And now that you don't have a valid argument you have to sink to snide, backhanded comments. Have you ever had to defend a position using facts and not just a snotty attitude?