
I'm working on a library to make quick access to KeepassX database files easier for power users. Right now the application is so short-lived in memory that security around the unencrypted KeePass database is not a huge concern.

However, I'd like to add the ability to hold the database unlocked for a period of time in the background, similar to the way the KeepassX GUI does. This would allow immediate query of passwords without being prompted for the master password. This means there would be a sort of daemon process that holds the database in memory and communicates with a client.

It seems that the security implications of this are similar to that of ssh-agent, and I'm wondering if anyone 'round these parts is familiar with how that project approaches the long-term secure storage of sensitive data (namely, unlocked SSH private keys).

Cristian Ciupitu

phinze

Have you read through the ssh-agent source code? It is, after all, an open source project. The comments and general gist of the initialization should be a pretty good indication of what they're doing. As far as I know ssh-agent, on UNIX-like systems, primarily uses the mlock(2) system call to ensure that its in-memory plain store of your pass phrases should never be paged out into the system swap files/partitions. It uses a private UNIX domain socket (mode 0600) for communications between the agent and all clients (ssh and scp commands). – Jim Dennis Mar 10 '12 at 21:51

1 Answer

Perhaps this will help: Man: mlock(2)

Note that UNIX domain sockets are somewhat more secure than Internet domain sockets since they can only be reached from the local host and access to them can be further constrained to specific users and groups (using chown and chgrp and, of course, chmod).

Jim Dennis
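The two mechanisms named in the comment and the answer, mlock(2) on the buffer holding the unlocked secrets and a UNIX domain socket restricted to mode 0600, put together as an added C example. This is illustrative code written for this page, not ssh-agent's or KeepassX's source; the socket path `/tmp/kpagent-demo.sock`, the function names and the sample secret are assumptions. The wipe step (zeroing through a volatile pointer before munlock) is a standard companion to mlock that the posts do not mention; it is included because a pinned buffer that is freed without being cleared is still readable by the next allocation.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Pin the buffer holding unlocked secrets in RAM so the kernel never
 * writes it to swap. Returns 0 on success, -1 with errno set otherwise
 * (typically EPERM/ENOMEM when RLIMIT_MEMLOCK is too small). */
int lock_secret(void *buf, size_t len)
{
    return mlock(buf, len);
}

/* Zero a secret through a volatile pointer so the compiler cannot drop
 * the stores as dead code, then release the lock. */
void wipe_secret(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    for (size_t i = 0; i < len; i++)
        p[i] = 0;
    munlock(buf, len);
}

/* 1 if every byte of buf is zero, else 0. */
int is_zeroed(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

/* Create the agent's listening UNIX domain socket at path with mode 0600.
 * bind() creates the socket file, so the umask is narrowed around it and
 * the mode is enforced again with chmod() afterwards. Returns the
 * listening fd, or -1 on error (a half-made socket file is removed). */
int create_agent_socket(const char *path)
{
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strncpy(addr.sun_path, path, sizeof(addr.sun_path) - 1);
    unlink(path);                                      /* drop a stale socket file */
    mode_t old = umask(S_IRWXG | S_IRWXO | S_IXUSR);   /* umask 0177 -> rw------- */
    int rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0 || chmod(path, S_IRUSR | S_IWUSR) < 0 || listen(fd, 8) < 0) {
        int saved = errno;
        close(fd);
        unlink(path);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Permission bits of the socket file (e.g. 0600), or -1 if the path is
 * missing or is not a socket. A client can check this before connecting. */
int socket_mode(const char *path)
{
    struct stat st;
    if (stat(path, &st) < 0 || !S_ISSOCK(st.st_mode))
        return -1;
    return (int)(st.st_mode & 0777);
}

int main(void)
{
    /* Constructed sample secret standing in for the unlocked database. */
    unsigned char secret[64] = "constructed-master-key";
    const char *path = "/tmp/kpagent-demo.sock";      /* assumed path */

    if (lock_secret(secret, sizeof secret) < 0)
        perror("mlock");
    int fd = create_agent_socket(path);
    if (fd < 0) {
        perror("create_agent_socket");
        return 1;
    }
    printf("listening on %s (mode %04o)\n", path, socket_mode(path));
    close(fd);
    unlink(path);
    wipe_secret(secret, sizeof secret);
    return is_zeroed(secret, sizeof secret) ? 0 : 1;
}
```

Two things to keep in mind when turning this into a real daemon: mlock only stops the secret from reaching swap, it does nothing about a same-user process reading it via ptrace or /proc/PID/mem, so the 0600 socket and the process's own uid remain the actual trust boundary; and the socket file's mode is checked here by stat on the path, which is only meaningful if the parent directory cannot be replaced by another user (ssh-agent places its socket in a private directory for that reason).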