You may want to try encrypting/decrypting in mpage_writepage/mpage_readpage
and maintaining keys in the inode/as extended attributes.
On Wed, Jul 10, 2013 at 10:39 PM, <Valdis.Kletnieks@xxxxxx> wrote:
On Wed, 10 Jul 2013 21:32:22 +0800, <wuyaalan@xxxxxxxxx> said:
> I wanna encrypt some data in kernel, and this encrypted data is stored
> on disk. I should decrypt data before system call transmits to user mode.
> Then what should I do? How to get encrypted data?
> I wanna intercept write function (kernel), when this function got
> encrypted data I will decrypt.
This will probably not end well, as crypto is a lot harder to get right than
it looks.
What threat model are you trying to defend against with the encrypted data?
What data are you encrypting, and who are you trying to keep it away from?
The biggest problem is the secure storage and management of crypto keys.
You're almost certainly better off using the in-kernel keyring code instead
of trying to do this yourself. Also see the various TPM support code.
And it's possible that what you *really* wanted to use is the userspace
cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're trying to do.
_______________________________________________
Kernelnewbies mailing list
Kernelnewbies@xxxxxxxxxxxxxxxxx
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies