Re: About crypt...

linux-kernel@progressive-comp.com
Thu, 21 May 1998 23:58:54 -0400


On 1998-05-21, sybyte@col.psi.br wrote:

> Does anybody know how I can get a kind of 'crypt file system' to patch on
> the kernel?
> I'd like to do this:

> #mount -t crypt /dev/cryptdev /mnt
> enter password:foo
> cript system mounted...

I believe the loop device has hooks to use DES or IDEA encryption. You must
add the DES code yourself; it can't ship with the kernel. If you do this, be
sure to read Solar Designer's recent message to linux-kernel about some
problems with the current DES addons for loop.c (with patches):
http://www.progressive-comp.com/Lists/?m=89452864621568&w=2
This message also has pointers to the DES addons.

There's another option, one that was suggested when someone asked the same
question a month ago (before that thread degenerated into a rant about why US
crypto laws suck). It may be a bit clunky, but TCFS can do this. TCFS =
Transparent Cryptographic FileSystem. IIRC:

The NFS server stores encrypted files on disk. NFS clients negotiate a key
when mounting/logging in, and then de/re crypt on the fly. The decrypted
data lives only in RAM on the client.

TCFS is designed to do "safe" NFS, but it can be & is used to do the sort of
thing you're talking about too, by mounting a filesystem off of yourself.
This is why I say it's a little clunky :) Aleph One recently made some
suggestions of how to make TCFS more streamlined in localhost-only setups,
but I haven't seen anybody comment on his ideas yet.

A URL I have for the TCFS project is: http://tcfs.dia.unisa.it/
We have archives of the (fairly quiet!) tcfs mailing list at:
http://www.progressive-comp.com/Lists/?l=tcfs&r=1&w=2#tcfs

HTH,

Hank Leininger <hlein@progressive-comp.com>
