Hi Eric,

I'm still working on the ceph+fscrypt patches (it's been slow going, but I am making progress). Eventually RH would like to ship this as a feature, but there is one potential snag -- a lot of our customers need their boxes to be FIPS-enabled [1]. Most of the algorithms and implementations that fscrypt uses are OK, but HKDF is not approved outside of TLS 1.3. The quote from our lab folks is:

"HKDF is not approved as a general-purpose KDF, but only for SP800-56C rev2 compliant use. That means that HKDF is only to be used to derive a key from a ECDH/DH or RSA-wrapped shared secret. This includes TLS 1.3."

Would you be amenable to allowing the KDF to be pluggable in some fashion, like the filename and content encryption algorithms are? It would be nice if we didn't have to disable this feature on FIPS-enabled boxes.

[1]: https://www.nist.gov/itl/fips-general-information

Thanks!
--
Jeff Layton <jlayton@xxxxxxxxxx>