awkonecki
commented
7 years ago Keys are typically not stored in the raw. Typically a cryptographic hash is stored of the key itself with some algorithm identifiers and possible salf/seed/initialization information. On linux for example /etc/.passwd is the file that contains users and passwords. However not even a hash is stored in this file. An x is indicated to inform that the cryptographic hash and salt information is stored in the shadow file i believe is in /etc/shadow. So when a process attempts to check user login information, the application must be allowed to call the the kernel cryptographic functions and access the shadow and password file. Linux makes available a standard API do perform this method.
In a case in which an application is managing all its own secret information i.e. no key chain or API call to standard kernel operations the secret material is likely to reside in a static memory location; albeit encrypted until needed (i.e. it is recommended that when an application receives key material that it encrypts it immediately to provide a level of obfuscation to a process that may happen to be snooping on the memory that the process is operating on.
HSMs can provide the same, or operate on the keys in the plain as long as there is no software that allows exfiltration of the key material itself but this is dependent on the scenario.
On Tue, Jul 18, 2017 at 2:28 PM, Dejan Pangercic notifications@github.com wrote:
Assigned #4 https://github.com/dejanpan/sros2/issues/4 to @akonecki https://github.com/akonecki.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/dejanpan/sros2/issues/4#event-1169181343, or mute the thread https://github.com/notifications/unsubscribe-auth/ACW8J13b9ypCeK2W8MrpqnDPTHjQM0G6ks5sPSNsgaJpZM4Ob8oF .
HSM = Hardware Security Module (https://en.wikipedia.org/wiki/Hardware_security_module).
Right now digital keys for authentication are stored probably in root?