Brussels / 1 & 2 February 2020


AMENDMENT Custom Crypto Policies by Examples

Management of crypto algorithm restrictions

Management of allowed cryptographical algorithms to disallow algorithms not allowed due to weaknesses or restrictions by certification standards is complicated task. The talk will introduce system-wide crypto-policies concept and implementation as an attempt to help system administrators with this task.

This talk replaces "OSINT" talk which was schedulled initially, but David Busby could not attend on the short notice.

The system-wide crypto-policies were introduced in Fedora 21 in 2014. Since that time the tool evolved a lot especially with the recent introduction of run-time generation of configuration from a policy definition file and introduction of sub-policy concept. The feature is called Custom crypto policies. The crypto-policies nowadays help management of crypto algorithms not only in Fedora but also in Red Hat Enterprise Linux 8. It will be shown how the policy definition file looks like and how it is converted to the actual crypto library configuration.


Photo of Tomáš Mráz Tomáš Mráz