On Sat, Dec 13, 2003 at 07:57:48AM +0000, Srinivas Vedula wrote:
>
> Hello,
>
> I am trying to write a transparent interface to some encrypted files so
> that the user does not notice that the files are stored encrypted. All the
> files are encrypted using the same key and algorithm.

Some time ago I worked on this problem; my interest was to make a framework to keep files transparently encrypted, with user accessibility discriminated by a password. My solution was implemented in userspace:

http://www.s0ftpj.org/tools/umpf.tar.gz

but it has a lot of design problems and security tactics. (btw, my first focus in developing umpf was to make the software very small and lightweight, file system independent and usable by a simple user, not requiring root)

Afterwards, a friend ported umpf to a kernel module, "kumpf" http://kumpf.sf.net; this should be better for some reasons, and this should interest you too.

> As a quick hack I thought of catching the necessary system calls ( like
> open, read, write) do the necessary encryption, decryption and return the
> data to the user. This will work with write as the processing is done
> before calling the system call. But with read the processing has to be done
> after the system call completes. This can maybe be done by changing the
> way system calls are returned in entry.S. But I am not sure how to do this.

umh, changing system calls, at runtime or not, is not a good way. For the future I'm thinking of implementing a new kind of supported file, with some file operations that act to dispense userspace programs from managing the file functions open/mmap/close/write etc... but it is only a remote idea, because this software makes sense (imho) only if used on a multiuser system where you shouldn't work with root permission. on your systems...

> Could someone suggest if this is a good way to proceed or if there is a
> better solution to this. I do not want to use an encrypted filesystem
> because the files are very few and part of different directories

Use a symlink to an encrypted loop-aes partition :)

bye
Claudio