Web lists-archives.com

Re: KDE Partition Manager and KPMcore 4.0 beta / KAuth review request / Name of the program




2019 m. sausio 16 d., trečiadienis 01:18:09 GMT David Edmundson rašė:
> >Then it starts DBus interface where the
> original GUI program can request execution of various partitioning commands
> as root. These requests are
> RSA signed by the GUI program and come with a cryptographic nonce which
> prevents replaying them.
> 
> Why?
> 
> You can correctly identify the sender of the gui app that spawned us and
> you can verify that any new requests are from that sender. See QDBusContext.
> DBus base service names are always unique and not something that could be
> faked on the system bus.

Hi David,

I was not aware of QDBusContext. I'll have to read its documentation.
Thanks for suggestion! I think last time I asked, nobody mentioned it.

In fact it was the opposite. At that time I didn't have RSA yet, I was just
sending some shared secret via DBus and somebody said this is not secure,
and it is better to use public key cryptography. I am planning to evantually 
use QCA for other stuff (I think it supports secure memory for storing LUKS
passphrase), so I thought QCA is not a big dependency.

Any thoughts on the name?

Andrius

> 
> David
> 

Attachment: signature.asc
Description: This is a digitally signed message part.