From 7b60d43f27545fa0066fad1f148d6a98beee04f4 Mon Sep 17 00:00:00 2001 From: Tanja Roth Date: Fri, 4 Aug 2023 17:42:06 +0200 Subject: [PATCH] custom subpolicy (WIP) --- xml/security_cryptopolicy.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/xml/security_cryptopolicy.xml b/xml/security_cryptopolicy.xml index ddc247e35a..d22d43a484 100644 --- a/xml/security_cryptopolicy.xml +++ b/xml/security_cryptopolicy.xml @@ -121,6 +121,13 @@ Switching to a different crypto-policy level + + Use the update-crypto-policies to set the policy level + which is applied to the cryptographic back-ends. It is the default policy + used by these back-ends unless the application user configures them + otherwise. + + @@ -154,4 +161,27 @@ + + Customizing existing crypto-policies + + + You can modify aspects of any predefined policy by removing or adding + algorithms or protocols. This way, you create a subpolicy (or policy + modifier module), stored in text files that include the modifications. + After creation, one or multiple subpolicies can be applied on the command + line to one of the predefined policies. For details, see example ????. + + + + Subpolicies need to be stored in + /usr/share/crypto-policies/policies/modules/. You + can also find example subpolicies in this directory. The name of the + subpolicy file must be MODULE.pmod, where + MODULE is the name of the modifier in + uppercase and without spaces. + + + + +