我想知道正在使用哪些应用程序Linux 内核密钥环?
我在谷歌中搜索但没有找到此类应用程序的列表。
答案1
您可以检查哪些已安装的应用程序具有依赖关系libkeyutils(或已安装的二进制文件,它们链接到libkeyutils.so)。
在 Debian 系统上,您可以使用apt-cache rdepends libkeyutils1.在我的系统上:
libkeyutils1
Reverse Depends:
gdm3
libkrb5-3
libgssapi-krb5-2
libkrb5support0
libk5crypto3
libkeyutils-dev
sssd-common
python3-keyutils
python-keyutils
nuxwdog
nfs-common
libkrb5support0
libkrb5-3
libkrad0
libkdb5-9
libkadm5srv-mit11
libkadm5clnt-mit11
libk5crypto3
libgssrpc4
libgssapi-krb5-2
krb5-user
krb5-pkinit
krb5-otp
krb5-kpropd
krb5-kdc-ldap
krb5-kdc
krb5-gss-samples
krb5-admin-server
gdm3
keyutils
ceph-common
libecryptfs1
ecryptfs-utils
cifs-utils
ceph-test
ceph-fs-common
对于内核密钥环的具体用途,您需要查看文档。
答案2
当我打开加密文件进行编辑时,我使用内核密钥环来存储密码。
打开时,我询问用户密码,将其保存在密钥环中,然后编辑文件。每当我保存(可能多次)时,我都会检索密码(除非超时,在这种情况下,我会要求两次新密码并再次保存),重新加密文件,然后继续。当我完成编辑后,密码密钥将被清除。
这在编辑加密文件时可以避免很多错误!
看我的脚本...
askpass_stars
https://antofthy.gitlab.io/software/#askpass_stars
Which is my password reader, with key ring saving and retrieving
encrypt
https://antofthy.gitlab.io/software/#encrypt
Which does file encryption, calling askpass_stars as needed
Its comment header contains the configuration for VIM to edit ".enc" files
keepout
https://antofthy.gitlab.io/software/#keepout
Replacement for encrypt, now that "openssl enc" can handle PBKDF2.
This a shell wrapper around "openssl" that saves the 'extra'
information that is needed (other than the password) to decode
the encrypted file. Something that is necessary due to the changing
default options of "openssl".
有关使用 keyctl 执行所有这些操作的信息,请参阅我的笔记 https://antofthy.gitlab.io/info/crypto/keyring_linux_kernal.txt