Key Rotation Milestones - dun/munge GitHub Wiki

key format (v2)

  • add valid-start and valid-end 64b timestamps
  • add comment field
  • add checksum field to detect corruption
  • revamp key construction
    • replace use of SHA-1 with SHA-256 or SHA-512
    • update subkey distinguishers
    • update subkey derivation to use HKDF
  • investigate switching crypto to libsodium

keyring format (v2)

  • define on-disk binary format
  • allow multiple keys in keyring file
  • add checksum entry to detect corruption
  • add realm entry

credential format (v4)

  • define extensible format
  • support 64b timestamps
  • add data-encryption-key packet type
  • change order of crypto ops to "encrypt-then-authenticate"
  • revisit how DEK is generated

libmunge

  • add function to support sending RELOAD_KEYRING command
  • clean up namespace

protocol

  • add RELOAD_KEYRING command

mungekey

  • compute key ID from key w/o exposing sensitive key material
  • --list cmdline opt to list keys and corresponding IDs
  • --validate cmdline opt to verify keyring checksum
  • support editing key's valid-end time
  • support specifying valid-end time during key creation
  • support specifying valid-end time in various formats
  • --import cmdline opt to import keys
  • --export cmdline opt to export keys
  • --append cmdline opt to append keys to existing file
  • --reload cmdline opt to signal munged to reload keyring
    • link against libmunge for communicating with munged over socket

munged

  • add configuration file
  • add mechanism to reload key while daemon is running
    • support efficient locking of key data structures to allow modification
    • revisit worker thread code and resolution of concurrency issues
    • revisit statically-initialized mutexes and condition variables
      • will facilitate switch from deprecated gettimeofday() to clock_gettime()
      • will facilitate supporting monotonic clocks
  • support receipt of RELOAD_KEYRING command to reload key
  • when loading key, add timer to disable key based on valid-end time
  • when encoding credential, create DEK packet for each active key
  • when decoding credential, process each DEK packet regardless of rv