[UPDATES] the last update is completely stoned
John M McIntosh
johnmci at smalltalkconsulting.com
Wed Jun 11 19:33:39 UTC 2003
I'll point out some operating systems like the Macintosh have OS-level
key ring APIs to store/manage/sort etc. this type of data. It might be
useful to remember to build such a class so that one can revert to the
hosting OS API for this versus having yet another place to store my
passwords and the like.

Still, a bit of thought is required. I think you want to decrypt only
when an object is needed, and only that object, versus say the entire
keyring, with of course a gatekeeper to deal with access. Certainly
I don't want to receive a change set on the mail list which I foolishly
load which grabs and runs with my unencrypted keyring.

On Wednesday, June 11, 2003, at 11:42 AM, Stephen Pair wrote:
> How about implementing a key ring for storing all sorts of userids,
> passwords, crypto keys, etc? A key ring can exist in two states:
> normal and encrypted serialized. If an attempt is made to access an
> encrypted/serialized key ring, an exception would prompt the user for
> a decryption key that when supplied would be used to decrypt the
> serialized key ring and if successful would then reconstruct the key
> ring objects from decrypted bytes. Then the original message could be
> performed on the key ring.
> When the image is snapshotted (or whenever the user requests), all key
> ring objects in the image could be serialized and encrypted and a
> become operation could swap out all the key ring objects for their
> encrypted serialized forms. Thus, an image saved on disk would never
> contain unencrypted key ring objects. An extension to this could be
> to externalize all the encrypted serialized key rings to a file that
> goes with an image...you would then have:
>
> Squeak.image
> Squeak.changes
> Squeak.keyrings
>
>
> On snapshot, all keyrings are serialized, encrypted, and dumped out to
> the keyrings file and the image is purged of any keyrings. Only a
> stub object that attempts to load the set of keyrings from the
> keyrings file is left in the image.
>
> - Stephen
--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com> 1-800-477-2659
Corporate Smalltalk Consulting Ltd. http://www.smalltalkconsulting.com
===========================================================================
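
The per-entry approach discussed in this thread, as an added example that is not part of either message: a hypothetical `KeyRing` class (all names are assumptions) seals each entry separately, opens only the requested entry after a gatekeeper callback approves it, and writes only sealed entries to the snapshot. The HMAC-based cipher is a standard-library stand-in for a vetted authenticated cipher or the hosting OS keyring API.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD (assumption).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

class KeyRing:
    """Hypothetical keyring: every entry is sealed on its own and stays sealed."""
    def __init__(self, salt=None, sealed=None):
        self.salt = salt or os.urandom(16)
        self.sealed = dict(sealed or {})          # name -> hex(nonce | ct | tag)

    def _keys(self, passphrase):
        k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000, 64)
        return k[:32], k[32:]                     # (encryption key, MAC key)

    def _tag(self, mac_key, name, body):
        n = name.encode()                         # length-prefixed name binds tag to entry
        return hmac.new(mac_key, len(n).to_bytes(2, "big") + n + body,
                        hashlib.sha256).digest()

    def put(self, passphrase, name, secret):
        enc, mac = self._keys(passphrase)
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(secret, _stream(enc, nonce, len(secret))))
        self.sealed[name] = (nonce + ct + self._tag(mac, name, nonce + ct)).hex()

    def get(self, passphrase, name, gatekeeper):
        if not gatekeeper(name):                  # access decision before any decryption
            raise PermissionError(name)
        enc, mac = self._keys(passphrase)
        blob = bytes.fromhex(self.sealed[name])
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(mac, name, body)):
            raise ValueError("wrong passphrase or tampered entry")
        nonce, ct = body[:16], body[16:]
        return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

    def snapshot(self):
        # What would be written to a keyrings file: sealed entries only.
        return json.dumps({"salt": self.salt.hex(), "sealed": self.sealed}).encode()

    @classmethod
    def load(cls, data):
        d = json.loads(data)
        return cls(bytes.fromhex(d["salt"]), d["sealed"])
```
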