
I am dealing with some p12 certificates that I need to parse and pass to the python requests module. As they cannot take a p12 directly, I am using pyopenssl to parse them into certificates and keys.

But because requests' cert parameter cannot accept anything other than a path to a file (see reference 1), I need to write these decrypted values to disk.

This got me thinking. Is there some way for a ring 3 (user land) application to create an encrypted memory block (be it in memory or on disk) and lay down a filesystem that is solely accessible to the application, for it to write temporary files to? Theoretically this is possible; however, I was just curious if anyone knew of any existing software/libraries/modules that could achieve this.

reference 1: How to open ssl socket using certificate stored in string variables in python

Matt Joyce
  • On Linux, look at systemd and PrivateTmp. https://www.freedesktop.org/software/systemd/man/systemd.exec.html – Stephane Martin Nov 14 '16 at 18:05
  • I would never use systemd. It is malware. Also, systemd's solution appears to only be a namespace isolation. Not encryption at rest. – Matt Joyce Nov 14 '16 at 18:18
  • Tempted to just use a packer. And just let it handle the crypto bit. – Matt Joyce Nov 14 '16 at 18:26
  • Have you looked into the [FUSE filesystem](https://www.google.com/search?q=FUSE+filesystem)? To restrict access to just your application, then you probably need a PaX kernel or SELinux. But it's just a guess since I have not used FUSE and I rarely use SELinux. – jww Nov 15 '16 at 03:24
  • I considered FUSE... not sure how you'd app-restrict it. SELinux / AppArmor seems an approach but that's more namespacing / chroot style solutions. I'd rather have something with a better isolation mechanism. I figure worst case scenario I pack it like it's malware. – Matt Joyce Nov 15 '16 at 16:09
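An added example (not from the question or any comment) covering the file-writing half of the problem: stdlib-only Python that keeps the decrypted PEM pair in a fresh mode-0700 directory as mode-0600 files for the lifetime of the request and scrubs them on exit. The PEM bytes are constructed placeholders; parsing the real .p12 beforehand (with pyOpenSSL or cryptography's pkcs12 module) and a POSIX filesystem are assumed.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

# Constructed placeholder PEM bodies, not real key material. A real caller obtains them
# by parsing the .p12 first (pyOpenSSL or cryptography's pkcs12 module, assumed).
SAMPLE_CERT_PEM = b"-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
SAMPLE_KEY_PEM = b"-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"

def _write_private(path, data):
    """Create the file with O_EXCL (never follow a pre-planted symlink) and mode 0600."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:  # fdopen takes ownership of fd and closes it
        f.write(data)

@contextmanager
def pem_files_for_requests(cert_pem, key_pem):
    """Yield (cert_path, key_path) for requests' cert=(cert, key) argument.
    Files live in a fresh 0700 directory and are zero-filled and unlinked on exit,
    so the decrypted key is on disk only for the duration of the request."""
    tmpdir = tempfile.mkdtemp(prefix="p12-")  # mkdtemp creates the directory as 0700
    cert_path = os.path.join(tmpdir, "cert.pem")
    key_path = os.path.join(tmpdir, "key.pem")
    try:
        _write_private(cert_path, cert_pem)
        _write_private(key_path, key_pem)
        yield cert_path, key_path
    finally:
        for path in (key_path, cert_path):
            if os.path.exists(path):
                with open(path, "r+b") as f:  # best-effort scrub; no guarantee on SSD/journaled fs
                    f.write(b"\0" * os.path.getsize(path))
                os.unlink(path)
        os.rmdir(tmpdir)

def _mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def demo(cert_pem=SAMPLE_CERT_PEM, key_pem=SAMPLE_KEY_PEM):
    """Run the context manager and report what a caller such as requests would observe."""
    with pem_files_for_requests(cert_pem, key_pem) as (cert_path, key_path):
        with open(key_path, "rb") as f:
            roundtrip = f.read() == key_pem
        key_mode, dir_mode = _mode(key_path), _mode(os.path.dirname(key_path))
        # requests.get(url, cert=(cert_path, key_path)) would run here
    removed = not os.path.exists(key_path) and not os.path.isdir(os.path.dirname(key_path))
    return {"key_mode": key_mode, "dir_mode": dir_mode, "roundtrip": roundtrip, "removed": removed}
```

This only narrows the exposure window: the key is still a plain file readable by root and by any process running as the same uid, so it does not provide the encryption at rest or per-application isolation the question asks about.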

0 Answers