Hi,
I'm wondering if somebody knows how I can generate a protected key with the DES wrapping key on a Linux host?
For the AES wrapping key, with pkey kernel module, I can get key tokens from /sys/devices/virtual/misc/pkey/protkey attributes; I confirmed, when I disable availability of AES wrapping key those attributes contain no data.
However, no such attribute is available for the DES wrapping key, documented in the Principles of Operation, "Protection of cryptographic keys".
The actual problem is that I want to observe any condition in a KVM guest when dea-wrapping-key=off is passed at start.
Any suggestion appreciated. Thanks.
------------------------------
Sebastian Mitterle
------------------------------