Fellow Traveler | 3 Jul 2012 08:50

Question: using ssh-agent as "protected memory" storage.


Hello,

Sorry to bother you all but I have already done a lot of research online
and haven't come to a satisfactory answer.

**** All I want, is to be able to store a small piece of data in
"protected memory", and then retrieve it again later. ****

I am already doing some pretty tricked-out stuff to store this data in
my own RAM, but that's not good enough -- I'd prefer to use some sort of
"standard" protected memory, versus trying to do it myself.

On Windows there is a function called "VirtualProtect" which does this,
and I thought perhaps ssh-agent might be able to provide the same
functionality on UNIX.

Is this possible? If not, what is the best way to go about doing such a
thing?

---

Alternately, is it possible to use ssh-agent for encrypting/decrypting
data using a key stored inside ssh-agent?  Because this would also solve
my problem. Does libssh2 allow me to encrypt/decrypt using the
identities, similar to how it allows me to authenticate using the
identities?

---

Peter Stuge | 3 Jul 2012 21:12

Re: Question: using ssh-agent as "protected memory" storage.

Hi,

Fellow Traveler wrote:
> **** All I want, is to be able to store a small piece of data in
> "protected memory", and then retrieve it again later. ****

The SSH agent is a bad fit.

> is it possible to use ssh-agent for encrypting/decrypting data
> using a key stored inside ssh-agent?

No, the agent protocol (which I guess you didn't look at yet) does
not contain encrypt/decrypt operations.

> I'm not trying to do anything on a remote machine, either.

Which should tell you right away that SSH does not really fit.

> Thoughts?

gpgme and look at what the guy did who implemented protected storage
in a Linux kernel by using system management mode.

//Peter
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
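On the "protected memory" question that opens the thread: the POSIX counterparts of VirtualProtect are mprotect(2) and mlock(2). The sketch below is an added example, not code from the thread, libssh2 or Open-Transactions; the `secret_page` type and the `secret_*` function names are hypothetical, and it assumes the secret fits in one page.

```c
#define _DEFAULT_SOURCE           /* for MAP_ANONYMOUS on glibc */
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical holder for one small secret kept on its own page. */
typedef struct { unsigned char *buf; size_t len, cap; int locked; } secret_page;

/* Copy the secret onto a private page, then revoke all access to it. */
int secret_store(secret_page *s, const void *data, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || len > (size_t)pg) return -1;
    void *p = mmap(NULL, (size_t)pg, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    /* Keep the page out of swap; may fail under a low RLIMIT_MEMLOCK. */
    s->locked = (mlock(p, (size_t)pg) == 0);
    memcpy(p, data, len);
    if (mprotect(p, (size_t)pg, PROT_NONE) != 0) {
        memset(p, 0, (size_t)pg);
        munmap(p, (size_t)pg);
        return -1;
    }
    s->buf = p; s->len = len; s->cap = (size_t)pg;
    return 0;
}

/* Open the page read-only just long enough to copy the secret out. */
int secret_load(const secret_page *s, void *out, size_t outlen)
{
    if (!s->buf || outlen < s->len) return -1;
    if (mprotect(s->buf, s->cap, PROT_READ) != 0) return -1;
    memcpy(out, s->buf, s->len);
    if (mprotect(s->buf, s->cap, PROT_NONE) != 0) return -1;
    return (int)s->len;
}

/* Zero the page through a volatile pointer so the wipe survives optimization. */
void secret_destroy(secret_page *s)
{
    if (!s->buf) return;
    if (mprotect(s->buf, s->cap, PROT_READ | PROT_WRITE) == 0) {
        volatile unsigned char *v = s->buf;
        for (size_t i = 0; i < s->cap; i++) v[i] = 0;
    }
    munmap(s->buf, s->cap);       /* unmapping also releases the mlock */
    s->buf = NULL; s->len = 0;
}
```

This guards against stray reads, overflows from neighbouring buffers and swap-out; it does not stop other code in the same process from calling mprotect, nor root or a debugger, which is why an OS keyring or a separate process is the stronger boundary.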

Fellow Traveler | 2 Aug 2012 01:15

Re: Question: using ssh-agent as "protected memory" storage.


Hi,

Filled with shock and dismay that such a C++ class does not already exist,
I was forced to write it myself.

If anyone else needs to use it, FYI the header and CPP file are here:

https://github.com/FellowTraveler/Open-Transactions/blob/master/include/otlib/OTKeyring.h

https://github.com/FellowTraveler/Open-Transactions/blob/master/src/otlib/OTKeyring.cpp

Currently it works with Gnome Keyring, KDE KWallet, Mac Keychain, and
Windows DPAPI. (For storing and retrieving secrets.)

-Fellow Traveler

On 7/2/12 11:50 PM, Fellow Traveler wrote:
> 
> Hello,
> 
> Sorry to bother you all but I have already done a lot of research online
> and haven't come to a satisfactory answer.
> 
> **** All I want, is to be able to store a small piece of data in
> "protected memory", and then retrieve it again later. ****
> 
> I am already doing some pretty tricked-out stuff to store this data in
> my own RAM, but that's not good enough -- I'd prefer to use some sort of
> "standard" protected memory, versus trying to do it myself.