Re: Reiser4 crypto-compression design

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Hans Reiser <reiser@namesys.com>
To: Edward Shushkin <edward@namesys.com>
Cc: Hendrik Visage <hvisage@envisage.co.za>,
	reiserfs-list@namesys.com, reiserfs-dev@namesys.com,
	Pierre Abbat <phma@webjockey.net>
Subject: Re: Reiser4 crypto-compression design
Date: Wed, 26 Mar 2003 21:21:41 +0300	[thread overview]
Message-ID: <3E81EFB5.7040603@namesys.com> (raw)
In-Reply-To: <3E81DD6C.AA9B5A92@namesys.com>

Edward Shushkin wrote:

>Hendrik Visage wrote:
>  
>
>>On Tue, Mar 25, 2003 at 10:52:36PM +0300, Edward Shushkin wrote:
>>    
>>
>>>All
>>>the compression issues for the traditional approach described in the
>>>following paper:
>>>      
>>>
>> http://www.namesys.com/compression.txt
>>
>>    
>>
>>>  When user creates a crypto-file, the file system asks for a secret
>>>key and calculates its id (128-bit word) which supposed to be stored
>>>in file's stat-data on disk.
>>>      
>>>
>>What about Public-Private key setups?
>>    
>>
>
>Hans, do we need public-private interface in reiser4?
>
I think not in the first release, but eventually, yes I suppose so.

>
>  
>
>>Ie. using a Public key to encrypt the data (Or at least encrypt the
>>shared key with the public key).
>>    
>>
>
>  You mean whether Alice can read a file, which Bob created by Alice's
>public key? 
>  I think yes. Alice just need to post her 128-bit key-id as a part of her
>public key, BUT next time Bob won't be able to open the file he just created
>for Alice (he will need Alice's private key for this). This is because the
>file system  won't distinguish Bob from other users which don't have Alice's
>private key. At the same time, the file system should ask for a secret (private)
>key when someone tries to open existing crypto-file, since there can be decrypted
>data in page cache intended only for Alice. So the only thing that Bob will be
>able to do is delete this file as an owner, but not read. This inconvenience 
>probably can be eliminated by using shared keys (although it doesn't provide 
>a great security: if I remember correctly, shared key is a private key which
>is known by group of certain users.. ) 
>  I want to specify precisely, what is 128-bit key-id. 
>Our private(secret) key consists from two parts: 
>1) key required by crypto algorithm to decrypt data
>2) special random string which was created during key generation procedure.
>  In order to calculate key-id we decrypt (2) by (1) and apply to the result 
>a crypto-stable hash function. This key-id supposed to be stored in stat-data
>and is used by the FS to identify private key. Also this key-id is a part of
>public key which is a pair:
>a) key required by crypto algorithm to encrypt data
>b) key-id
>Obviously, public key makes sense only for asymmetric crypto algorithms.
>
>  
>
>>Also, there might/would be the need for
>>escrow(Right term?) keys. Ie. keys that the Security Officer 
>>    
>>
>
>is it a kind of shared key?
>
>  
>
>>could use to decrypt data (In case of bus accident or dismissal etc.)
>>
>>Or rather, how will the FS "ask"/request a key for decryption in a secure way?
>>    
>>
>
>So when user creates new crypto-file and writes into it, the FS requires only a 
>public key (his own, or someone's else). For all future accesses to this crypto-file
>the FS will require both keys (private key for access and read, and public key 
>for write); it may be the same key if crypto algorithm is symmetric).
>
>Thanks for interesting question, 
>Edward.
>
>  
>
>>Hendrik
>>    
>>
>
>
>  
>


-- 
Hans

next prev parent reply	other threads:[~2003-03-26 18:21 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-03-25 19:52 Reiser4 crypto-compression design Edward Shushkin
2003-03-25 20:23 ` Hendrik Visage
2003-03-26 17:03   ` Edward Shushkin
2003-03-26 18:21     ` Hans Reiser [this message]
2003-03-26 18:53     ` Hendrik Visage
2003-03-27 16:15       ` Edward Shushkin
2003-03-26 12:30 ` Pierre Abbat
2003-03-26 18:33   ` Hans Reiser
2003-03-26 20:35   ` Hubert Chan
2003-03-26 21:39     ` Hans Reiser
2003-03-27  0:16     ` Pierre Abbat
2003-03-27 16:30       ` Hans Reiser
2003-03-27 23:34         ` Pierre Abbat

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3E81EFB5.7040603@namesys.com \
    --to=reiser@namesys.com \
    --cc=edward@namesys.com \
    --cc=hvisage@envisage.co.za \
    --cc=phma@webjockey.net \
    --cc=reiserfs-dev@namesys.com \
    --cc=reiserfs-list@namesys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.