From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sTQIHsMaK_qT for ; Tue, 11 Sep 2012 20:31:49 +0200 (CEST) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 11 Sep 2012 20:31:48 +0200 (CEST) Received: from gatewagner.dyndns.org (84-72-142-78.dclient.hispeed.ch [84.72.142.78]) by v4.tansi.org (Postfix) with ESMTPA id 740771404001 for ; Tue, 11 Sep 2012 20:31:48 +0200 (CEST) Date: Tue, 11 Sep 2012 20:31:48 +0200 From: Arno Wagner Message-ID: <20120911183148.GA9317@tansi.org> References: <1346721635.29083.YahooMailNeo@web161504.mail.bf1.yahoo.com> <20120904012914.GA22939@tansi.org> <1346793249.9716.YahooMailNeo@web161501.mail.bf1.yahoo.com> <20120905124109.GA11942@tansi.org> <1347380237.80031.YahooMailNeo@web160804.mail.bf1.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1347380237.80031.YahooMailNeo@web160804.mail.bf1.yahoo.com> Subject: Re: [dm-crypt] newbie qs on dm-crypt List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Simple: You need to get it into the kernel. dm-crypt does not supply the run-time encryption, it just does the kernel cm-crypt module setup, i.e. it establishes the "mapping". After that, all encryption is done by the kernel. If your stuff is non-GPL, then I suspect you will need to maintain your own kernel patch-set. Basically that will be a waste of time, and has zero engineering or security justification. It can be necessary for political reasons, I can see that. But expect it to be a huge pain and effort for zero technological advantage and you cannot distribute it legally. Note on GPL: As long as you do not distribute this kernel, or the patch-set, you can do whathever you like. As soon as you distribute, even only to specific customers or as part of a "blackbox" product, you are screwed and need to GPL the module. There is no freew lunch here. If you want your own non-GPL crypto in a Linux-like kernel, then you need to re-implement that Linux-like kernel yourself, possibly spending a few billions on it. You may want to look at the xBDSs. They have more permissive licenses. Arno On Tue, Sep 11, 2012 at 09:17:17AM -0700, Anil wrote: > Suppose I have a library of various crypto algorithms. It is proprietary. > I build it as a module and want the user to run dm-crypt specifying my module to be run. > For example, > crypt FooCryptoLibrary-aes-xts > I read that if your module is not GPL, then one cannot access core functions. > Will there be a problem here? > > > ________________________________ > From: Arno Wagner > To: dm-crypt@saout.de > Sent: Wednesday, September 5, 2012 7:41 AM > Subject: Re: [dm-crypt] newbie qs on dm-crypt > > On Tue, Sep 04, 2012 at 02:14:09PM -0700, Anil wrote: > > Thanks for replying. > > You said, > > "Ciphers and modes are the job of the kernel, not dm-crypt." > > > > > I am trying to understand if?proprietary software can be used with > > dm-crypt. > > > > That depends. > > > I read it is in GPL mode. Which version? GPL v2, v3, LGPL...? > > > > For example, there is some in-house proprietary developed code for > > AES-XTS. > > > > If I understood your reply correctly, then dm-crypt will call these > > functions loaded into the kernel and there will not be any problem as the > > GPL code (dm-crypt) will not be linked with the proprietary code.? Is that > > so?? > > No. Kernels are different. If you do not distribute, it does not > matter anyways. If you distribute, and want your stuff to stay > closed, you should probably talk to an IP lawyer. > > I have to say though that there is pobably no point, as AES-XTS is > open and the kernel implementation is probably better than yours > anyways. > > Arno > > > > > > > > > > > ________________________________ > >? From: Arno Wagner > > To: dm-crypt@saout.de > > Sent: Monday, September 3, 2012 8:29 PM > > Subject: Re: [dm-crypt] (no subject) > >? > > On Mon, Sep 03, 2012 at 06:20:35PM -0700, Anil wrote: > > > Newbie here. I need to use dm-crypt with aes-xts. How is dm-crypt called? > > > > Refer to the man-page and the FAQ. > > > > > Is it possible to encrypt data while being saved on the fly? > > > > That is its job. It is not possible to do it in any other way. > > > > > Will there be file filters to encrypt/decrypt while saving > > > and opening the file? > > > > No. > > > > > Is aes-xts provided elsewhere as a plugin? or is it part of dmcrypt? > > > > Ciphers and modes are the job of the kernel, not dm-crypt. > > It just uses them. > > > > Arno > > -- > > Arno Wagner,? ? Dr. sc. techn., Dipl. Inform.,?? Email: arno@wagner.name > > GnuPG:? ID: 1E25338F? FP: 0C30 5782 9D93 F785 E79C? 0296 797F 6B50 1E25 338F > > ---- > > One of the painful things about our time is that those who feel certainty > > are stupid, and those with any imagination and understanding are filled > > with doubt and indecision. -- Bertrand Russell > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner,? ? Dr. sc. techn., Dipl. Inform.,? Email: arno@wagner.name > GnuPG:? ID: 1E25338F? FP: 0C30 5782 9D93 F785 E79C? 0296 797F 6B50 1E25 338F > ---- > One of the painful things about our time is that those who feel certainty > are stupid, and those with any imagination and understanding are filled > with doubt and indecision. -- Bertrand Russell > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell