On Wednesday 30 October 2002 03:56 pm, Lars Marowsky-Bree wrote:
> Do you encrypt before the data has hit the data journal or after? Does that
> work for mmap etc?
I have not finished journaling support yet, but it will encrypt before it hits
the journal. Yes, there should be no problem with mmap.
>
> This sounds like something you might want to abstract into a generic
> architecture to be shared with the loop device code, or anything which
> might need encryption in the kernel. Otherwise it is a PITA to maintain.
I will be going over the cryptoAPI code tonight and seeing if I can change the
crypto routines to use the cryptoAPI, as it would be much easier to maintain.
> And I thought some of those algorithms were strictly signature / hash
> algorithms, but you never stop learning ;-)
The SHA algorithms, as well as MD5 are used for message digests (hashing).
This is used to transform the key prior to passing the key off to the
specific algorithms key setup functions. I have also thought about, albeit
not too much, about using message digests/signatures as a file integreity
mechanism.
I should also mention that deletion of files on ext3sj will use DoD standards
for secure file deletion by overwriting the data with all 0's, all 1's, and
then random data. So, before you delete a file, make sure you really want to
delete it, because there won't be a way to recover it.
-Matthew J. Fanto
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:49 EST