Sunday, 15 December 2019
Interesting Snippets from 2019-12-15
-
GitHub - latchset/tang: Tang binding daemon
Tang is a server for binding data to network presence. This sounds fancy, but the concept is simple. You have some data, but you only want it to be available when the system containing the data is on a certain, usually secure, network. This is where Tang comes in.
-
GitHub - latchset/clevis: Automated Encryption Framework
Clevis is a pluggable framework for automated decryption. It can be used to provide automated decryption of data or even automated unlocking of LUKS volumes.
-
GitHub - latchset/luksmeta
Welcome to LUKSMeta! LUKSMeta is a simple library for storing metadata in the LUKSv1 header. This library is licensed under the GNU LGPLv2+.
-
MPUTangAndClevisTrial < DICE < TWiki
One of the interesting features appearing in RHEL 7.4 is NBDE, or Network Bound Disk Encryption. This manages the seemingly impossible - through the magic of asymmetric cryptography it allows a machine with an encrypted disk to boot, without the disk's encryption key having to be entered at boot time - but only when the machine is on the correct network, and without storing the encryption key in plain text, or storing it off the machine, or transmitting data across the network in such a way that a thief could make use of it. Try to boot the machine when it's not on its home network and you'll need to enter the encryption key if you want to make progress.