On Wed, 2009-10-14 at 11:48 +1100, James Morris wrote:
> I wonder how to handle ecryptfs -- it strikes me as a special case
> where the semantics are always local i.e. files can always be
> decrypted locally because of the crypto metadata stored with them.

Hi James-

Yes, ecryptfs-on-NFS has long been a holy grail for the eCryptfs project. More generally, getting ecryptfs working on top of *any* network filesystem (NFS, Samba, sshfs) would be brilliant. As you say, the beauty is that the decryption happens locally, on your CPU, and the storage server would just dutifully and agnostically write your encrypted bits, and would never see any keys.

We've hit a number of roadblocks, though, most of them of the filesystems-don't-layer-on-top-of-NFS-well variety. I don't suppose your present discussion gets us any closer to solving those?

Regarding metadata, ecryptfs typically stores the metadata in the file headers, rather than XATTRs.

Cheers,
--
:-Dustin

Dustin Kirkland
Canonical, LTD
kirkland@xxxxxxxxxxxxx
GPG: 1024D/83A61194