[UPDATES] the last update is completely stoned

John M McIntosh johnmci at smalltalkconsulting.com
Wed Jun 11 19:33:39 UTC 2003


I'll point out some operating systems like the Macintosh have OS level
key ring APIs to store/manage/sort etc etc this
type of data. It might be useful to remember to build such a class so
that one can revert to the hosting OS API for this
versus having yet another place to store my passwords and the like.

Still a bit of thought is required, I think you want to decrypt
only when an object is needed, and only that object, versus say the
entire keyring, with of course a gatekeeper to deal with access. Certainly
I don't want to receive a change set on the mail list which I foolishly
load which grabs and runs with my unencrypted keyring.

On Wednesday, June 11, 2003, at 11:42 AM, Stephen Pair wrote:

> How about implementing a key ring for storing all sorts of userids,  
> passwords, crypto keys, etc?  A key ring can exist in two states:  
> normal and encrypted serialized.  If an attempt is made to access an  
> encrypted/serialized key ring, an exception would prompt the user for  
> a decryption key that when supplied would be used to decrypt the  
> serialized key ring and if successful would then reconstruct the key  
> ring objects from decrypted bytes.  Then the original message could be  
> performed on the key ring.
> When the image is snapshotted (or whenever the user requests), all key  
> ring objects in the image could be serialized and encrypted and a  
> become operation could swap out all the key ring objects for their  
> encrypted serialized forms.  Thus, an image saved on disk would never  
> contain unencrypted key ring objects.  An extension to this could be  
> to externalize all the encrypted serialized key rings to a file that  
> goes with an image...you would then have:
>
>    Squeak.image
>    Squeak.changes
>    Squeak.keyrings
>
>
> On snapshot, all keyrings are serialized, encrypted, and dumped out to  
> the keyrings file and the image is purged of any keyrings.  Only a  
> stub object that attempts to load the set of keyrings from the  
> keyrings file is left in the image.
>
> - Stephen
--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com> 1-800-477-2659
Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
===========================================================================
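
An added sketch of the design discussed in this thread, not code from either poster or from Squeak: a key ring that holds only sealed entries, decrypts one entry per request, and asks a gatekeeper before doing so. The names `KeyRing`, `seal`, `unseal` and the `gatekeeper` callback are hypothetical, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a vetted authenticated cipher.

```python
import hashlib, hmac, json, os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a vetted AEAD cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _tag(key, name, nonce, ct):
    # The tag covers the entry name, so a sealed blob cannot be moved to another name.
    return hmac.new(_subkey(key, b"mac"), name.encode() + b"\0" + nonce + ct,
                    hashlib.sha256).digest()

def seal(key, name, secret):
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(secret))
    ct = bytes(a ^ b for a, b in zip(secret, ks))
    return nonce + ct + _tag(key, name, nonce, ct)

def unseal(key, name, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, name, nonce, ct)):
        raise ValueError("wrong passphrase or tampered entry")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class KeyRing:
    """Holds only sealed entries; get() produces plaintext for one entry only."""
    def __init__(self, gatekeeper):
        self.gatekeeper = gatekeeper   # hypothetical callable(requester, name) -> bool
        self.salt = os.urandom(16)
        self.entries = {}              # name -> sealed bytes

    def _key(self, passphrase):
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 200_000)

    def put(self, name, secret, passphrase):
        self.entries[name] = seal(self._key(passphrase), name, secret)

    def get(self, name, requester, passphrase):
        if not self.gatekeeper(requester, name):
            raise PermissionError(f"{requester} may not read {name}")
        return unseal(self._key(passphrase), name, self.entries[name])

    def snapshot(self):
        # What a keyrings file would hold: salt and ciphertext only.
        return json.dumps({"salt": self.salt.hex(),
                           "entries": {n: b.hex() for n, b in self.entries.items()}})
```
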



More information about the Squeak-dev mailing list