From: Michael Halcrow
To: linux-fsdevel@vger.kernel.org
Cc: Phillip Hellewell, yoder1@us.ibm.com, mcthomps@us.ibm.com, emilyr@us.ibm.com
Subject: eCryptfs: Request for review
Date: Tue, 18 Oct 2005 14:38:11 -0500
Message-ID: <20051018193811.GA11545@halcrow.us>

We are preparing to send eCryptfs to the LKML for inclusion in the -mm
tree, and we would like to solicit feedback from those in the community
who have an interest in Linux filesystems and cryptographic
applications. We are mainly interested at this point in comments that
might help us with VFS-related issues.

eCryptfs can be obtained from its SourceForge CVS repository:

http://sourceforge.net/projects/ecryptfs

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs login
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs co -P .

The code to perform the filesystem stacking is derived from Erez Zadok's
Cryptfs, which is one of the filesystems instantiated through the FiST
framework:

http://filesystems.org/

I presented eCryptfs at the 2004 and the 2005 Ottawa Linux Symposium.
The paper from this year's symposium starts on page 209 of the first
half of the proceedings:

http://www.linuxsymposium.org/2005/linuxsymposium_procv1.pdf

I like to describe it as a sort of ``PGPFS''. It is stacked on top of
other filesystems. It aims to combine the flexibility of GnuPG
encryption with the transparency of a kernel service. Cryptographic
contexts (e.g., symmetric cipher identifier and encrypted session keys)
are stored in the first page of data in the file. This allows the
underlying encrypted files to be copied between domains with unmodified
userspace applications, and as long as the recipient has the necessary
credentials, he can access the contents of the files transparently
through eCryptfs.

The first release of eCryptfs (0.1) will support only mount-wide
passphrase mode. Some of the more advanced features, such as dynamic
PKI modules (allowing integration w/ GnuPG keyrings, TPM, and so on),
have been implemented and tested to some extent, but they are cumbersome
to deploy without more mature policy support. We have disabled public
key operation modes for the 0.1 release (also in anticipation of better
policy support in the future releases), but more advanced users and
developers are encouraged to experiment with that code to their hearts'
content.

eCryptfs is still a little rough around the edges (some behavior is due
to current needs for debugging), but it is pretty close to its final
form for the 0.1 release. There are known corner cases where it breaks
down right now, and we are chasing those bugs at the moment. Please take
a look at it and provide whatever feedback you can.

Thanks,
Mike
.___________________________________________________________________.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 419C 5B1E 948A FA73 A54C 20F5 DB40 8531 6DCA 8769
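
The design point in the message above (the crypto context lives in the first page of the file, so a plain byte copy of the lower file stays readable to anyone holding the credentials), as an added Python example that is not part of the original message and is not eCryptfs code. The header layout, `MAGIC`, `CIPHER_ID`, the 4096-byte page size and the HMAC-based stand-in cipher are assumptions made for illustration; the message does not give eCryptfs's on-disk format.

```python
import hashlib, hmac, os, struct

PAGE = 4096            # assumed page size; the header fills the first page
MAGIC = b"DEMOCTX1"    # hypothetical marker, not an eCryptfs value
CIPHER_ID = 1          # hypothetical id for the stand-in stream cipher below
HDR = struct.Struct(">8sH16s16s32s32s")  # magic, cipher id, salt, nonce, wrapped key, tag

def _stream(key, label, n):
    """Stand-in keystream (HMAC-SHA256 in counter mode), used to stay in the stdlib."""
    blocks = (hmac.new(key, label + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(data, key, label):
    return bytes(a ^ b for a, b in zip(data, _stream(key, label, len(data))))

def _kek(passphrase, salt):
    # Key-encryption key derived from the passphrase; the salt travels in the header.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, 32)

def seal(plaintext, passphrase):
    """Build the lower file: one header page of crypto context, then ciphertext."""
    salt, nonce, session_key = os.urandom(16), os.urandom(16), os.urandom(32)
    kek = _kek(passphrase, salt)
    wrapped = _xor(session_key, kek, b"wrap")          # encrypted session key
    tag = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    header = HDR.pack(MAGIC, CIPHER_ID, salt, nonce, wrapped, tag)
    return header.ljust(PAGE, b"\0") + _xor(plaintext, session_key, nonce)

def open_sealed(lower, passphrase):
    """Recover plaintext from the lower file's bytes and the passphrase alone."""
    if len(lower) < PAGE:
        raise ValueError("file is shorter than the header page")
    magic, cipher_id, salt, nonce, wrapped, tag = HDR.unpack(lower[:HDR.size])
    if magic != MAGIC or cipher_id != CIPHER_ID:
        raise ValueError("missing or unsupported crypto context")
    kek = _kek(passphrase, salt)
    expected = hmac.new(kek, b"tag" + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("credentials do not unwrap the session key")
    session_key = _xor(wrapped, kek, b"wrap")
    return _xor(lower[PAGE:], session_key, nonce)
```

Because nothing outside the file is needed to decrypt it, the wrapped session key in the header is only as strong as the passphrase and key-derivation settings protecting it.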