Bug 64989 - RFE: rpm and rhmask
Product: Red Hat Raw Hide
Classification: Retired
Component: rpm
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Jeff Johnson
Keywords: FutureFeature
Reported: 2002-05-15 14:25 EDT by R P Herrold
Modified: 2007-04-18 12:42 EDT (History)
Last Closed: 2004-02-25 23:35:35 EST

Description R P Herrold 2002-05-15 14:25:26 EDT
This is a 'confirmation of conversation' piece

rhmask, if not explicitly deprecated, is de-emphasized in the present installs.

BUT: It enables a secure infrastructure (I write this, having lunched at a
national financial institution's main office, and speaking with their Open
Source Architect, a Network Security person, and an architect for a monolithic
graphical 'server' vendor LDAP variant implementation project)

rhmask is tiny. -- It could move into rpm without too much effort or size
penalty, and provide a tool for management of enciphered content.

It lacks some features: from memory, it is using a symmetric, X-or class
encipherment, based upon the hash of a pre-existent package.
-- it enciphers the entire package, rather than just the payload, preventing it
from being able to 'play well' with the RPM sub-payload signing and potential
encipherment capability
-- it lacks asymmetric cipher support, and clean PKI hooks

-- RPM is rolling in the GPL'd beecrypt library
-- RPM is solving and will complete solving database 'decruftification' issues
-- RPM is solving PKI validation and revocation, and verification issues

Distributing enciphered keyed information (as rhmask enables), will incidentally
facilitate keychain maintenance for the GPG layers.


So proposal is:
- Move rhmask into RPM
- extend rhmask with asymmetric, and PKI enabled confirmation of keys,
Comment 1 R P Herrold 2004-02-25 23:35:35 EST
stale - closing
