I would like to know what applications are using Linux kernel keyring?
I searched in google but didn't find a list of such applications.
You could check which installed applications have a dependency on libkeyutils (or, for installed binaries, which are linked against libkeyutils.so).
On Debian systems, you could check the reverse dependencies using apt-cache rdepends libkeyutils1. On my system:
libkeyutils1
Reverse Depends:
gdm3
libkrb5-3
libgssapi-krb5-2
libkrb5support0
libk5crypto3
libkeyutils-dev
sssd-common
python3-keyutils
python-keyutils
nuxwdog
nfs-common
libkrb5support0
libkrb5-3
libkrad0
libkdb5-9
libkadm5srv-mit11
libkadm5clnt-mit11
libk5crypto3
libgssrpc4
libgssapi-krb5-2
krb5-user
krb5-pkinit
krb5-otp
krb5-kpropd
krb5-kdc-ldap
krb5-kdc
krb5-gss-samples
krb5-admin-server
gdm3
keyutils
ceph-common
libecryptfs1
ecryptfs-utils
cifs-utils
ceph-test
ceph-fs-common
As for what exactly the kernel keyring is used for, you need to check the documentation.
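The second check mentioned in this answer (installed binaries linked against libkeyutils.so) can be done without the package manager by reading each ELF file's DT_NEEDED entries. This is an added example, not code from the answer; it assumes the binaries still carry section headers, and the default directories are assumptions.

```python
import os, struct, sys

SHT_DYNAMIC, DT_NULL, DT_NEEDED = 6, 0, 1
# EI_CLASS -> (e_shoff fmt, e_shoff pos, e_shentsize pos, section hdr fmt, dyn entry fmt)
LAYOUT = {1: ("I", 0x20, 0x2E, "IIIIIIII", "II"), 2: ("Q", 0x28, 0x3A, "IIQQQQII", "QQ")}

def needed_libs(path):
    """Return the DT_NEEDED names of an ELF file, or [] if it is not valid ELF."""
    try:
        with open(path, "rb") as f:
            data = f.read()
        if data[:4] != b"\x7fELF":
            return []
        off_fmt, off_pos, ent_pos, sh_fmt, dyn_fmt = LAYOUT[data[4]]
        e = "<" if data[5] == 1 else ">"  # EI_DATA: 1 means little-endian
        (shoff,) = struct.unpack_from(e + off_fmt, data, off_pos)
        shentsize, shnum = struct.unpack_from(e + "HH", data, ent_pos)
        secs = [struct.unpack_from(e + sh_fmt, data, shoff + i * shentsize)
                for i in range(shnum)]
        libs = []
        for sec in (s for s in secs if s[1] == SHT_DYNAMIC):
            offset, size, str_off = sec[4], sec[5], secs[sec[6]][4]  # sh_link -> string table
            for pos in range(offset, offset + size, struct.calcsize(e + dyn_fmt)):
                tag, val = struct.unpack_from(e + dyn_fmt, data, pos)
                if tag == DT_NULL:
                    break
                if tag == DT_NEEDED:
                    start = str_off + val
                    libs.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
        return libs
    except (OSError, KeyError, IndexError, ValueError, struct.error):
        return []  # unreadable, truncated or malformed file

def users_of(lib_prefix, dirs):
    """Map each regular file under dirs to its DT_NEEDED entries matching lib_prefix."""
    hits = {}
    for top in dirs:
        for root, _, files in os.walk(top):
            for path in (os.path.join(root, n) for n in files):
                if os.path.isfile(path) and not os.path.islink(path):
                    match = [l for l in needed_libs(path) if l.startswith(lib_prefix)]
                    if match:
                        hits[path] = match
    return hits

if __name__ == "__main__":
    dirs = sys.argv[1:] or ["/usr/bin", "/usr/sbin", "/usr/lib"]  # assumed defaults
    for path, libs in sorted(users_of("libkeyutils.so", dirs).items()):
        print(path, *libs)
```

Run it with directories as arguments, or with none to scan the assumed defaults. It only finds link-time dependencies: a program that loads the library with dlopen or issues the keyring system calls directly will not appear.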
I use the kernel keyring to store a password when I open an encrypted file for editing.
When opening, I ask the user for the password, save it in the keyring, then edit the file. Whenever I save (may be multiple times) I retrieve the password (unless it times out, in which case I ask for a new one twice and save it again), re-encrypt the file, and continue. When I am finished editing, the password key is purged.
This saves a lot of errors when editing encrypted files!
See my scripts...
askpass_stars
https://antofthy.gitlab.io/software/#askpass_stars
Which is my password reader, with key ring saving and retrieving
encrypt
https://antofthy.gitlab.io/software/#encrypt
Which does file encryption, calling askpass_stars as needed
Its comment header contains the configuration for VIM to edit ".enc" files
keepout
https://antofthy.gitlab.io/software/#keepout
Replacement for encrypt, now that "openssl enc" can handle PBKDF2.
This is a shell wrapper around "openssl" that saves the 'extra'
information that is needed (other than the password) to decode
the encrypted file. Something that is necessary due to the changing
default options of "openssl".
For information on using keyctl to do all this see my notes https://antofthy.gitlab.io/info/crypto/keyring_linux_kernal.txt
apt-cache rdepends libkeyutils1 in CentOS? – E235 Oct 18 '18 at 14:09