A new Ubuntu utility seeing an uptick in development recently is crypto-config as a means of system-wide cryptography configuration.

Crypto-config has been quietly in development since last year but seemingly now taking on more development load being past the Ubuntu 24.04 LTS phase. In last week's Ubuntu Foundations Team Updates it was [1]described by Canonical engineer Adrien Nader as:

Work on crypto-config for system-wide configuration of cryptography

Updated code against latest specification, fixed several small issues

Added temporary code to be able to not be a dependency of the configured packages

Started preparing demonstration profiles

looked at gnutls’ configuration handling to add drop-ins support

looked at nginx’ configuration which prevents disabling TLS versions after they’ve been enabled once

Crypto-config isn't currently relied upon by Ubuntu but is under active development. There is [2]a PPA for offering the latest crypto-config packages for those interested. The upstream code for crypto-config is currently on [3]GitLab .

Documentation is light but crypto-config currently is aiming to be a means of system-wide cryptography configuration profile management. There are currently profiles for managing the crypto settings around Apt, Nginx, GnuTLS, and OpenSSL. It will be interesting to see what comes of crypto-config for easing crypto settings management in future Ubuntu releases.



[1] https://discourse.ubuntu.com/t/foundations-team-updates-thursday-2024-06-27/45926/4

[2] https://launchpad.net/~adrien/+archive/ubuntu/crypto-config/+packages

[3] https://gitlab.com/crypto-config/crypto-config/