Did you know that Linux has a full-featured keystore ready to be used by any application or service it runs? Applications can securely store and share credentials, secrets and cryptographic keys, sign and encrypt data, and negotiate a common encryption key, all without ever touching a single byte of the underlying cryptographic material.
This is especially useful in post-Heartbleed and cloud-native environments, where services authenticate and talk securely to one another using any kind of credentials. But if a network-facing service also holds any secret in its process address space, it sets itself up for a safety failure, as any out-of-bounds memory access vulnerability may let the secret leak.
More: https://confidence-conference.org/