-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 To make the changes to store the cipher mode in the file header, we are proposing the following. 1. Change ECRYPTFS_SUPPORTED_FILE_VERSION to 4. This should prevent old versions of eCryptfs from trying to read new style headers. 2. Add a new cipher mode field in the appropriate packets of version 4 file headers. (I believe these are tag 1 and tag 3, for asymmetric and symmetric keys). Since there is no equivalent to this field in the OpenPGP RFCs, we will be creating a new list of constants similar to the ones in ecryptfs.h for the mode type. 3. When reading a file header and initializing a crypt_stat, if the version number is 4 or greater, read the mode out of the header, otherwise, default to CBC. 4. When writing out headers, refer to the file_version field in the crypt_stat to determine what to write out. If it's 4 or greater, include the mode field. This should result in the new version 4 header being written for all new files. Old files would still be read and written with the version 3 headers and default to using CBC mode. Older versions of eCryptfs should refuse to open files with version 4 headers. Does this make sense? If not, what are we missing? Thanks, - -Will -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJRrqd0AAoJEH8zVN2+6bAcD3UP/3r/FuHfQv175nccZ+JOemZZ 65hn9zMi5dFVCTcvqBwMFWFymOKyOJLYM5yP2rX093JpIA3MgquN3yNgOiEd+adt 8hLKZ84KPMnA41m220ujOLvKD6UA4GQpSTwkDsbvYxQV9W3EuPsR65WtSt23uECj VjU9EtKZ4xAQbQeXbRTTL678jIRUf4rffUEsFV/KWosdjeINNxZQPoZJHAwiTMDY lemxgXnMmgr/fs/NnW6W+D9hBehIXUXrqlZ/f+EkFygXCafHOLS6f7JHuq5MNDeD O5A53ClD2p6984sh745oUMltt0j0cQdF+gE//1hS1RhqHe2//K5YQe7Xgqab/Ahb lsOdc2cDa8B+w6jITyPfn31CJdmS3o/o+ltavTmK2hnMJB773ibmoPG8q2EGUOnO ePs6C9uCaBEV48svjlIrcWHE+NgbqK+cetyF5DP3mo1dPR+GiSPthEKrr0Tp96Ys ECYHWq+6N+cJnzb1GKM0frRAZPgvSmxtRdNQSiH82Moz5ThUIYaS6buhLApBvBIR TtDbL+hgZ8E90gcyeaPNTzmAmaVkj79F03HBq1GtkjesF78+AGmxL4xnUyJaV2s2 wc8xKvcwBctcHj+i2NoJq5dRX/8mGclA4sP18LPXqLxhyg3G13P/xZPtmdReRvpH /pBAmFxFCl3rfQkqsZdp =fnmV -----END PGP SIGNATURE----- -- To unsubscribe from this list: send the line "unsubscribe ecryptfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
