[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New release of CFS Unix encrypting file system available



Matt Blaze writes:
>CFS pushes encryption services into the Unix(tm) file system.  It
>supports secure storage at the system level through a standard Unix
>file system interface to encrypted files.  Users associate a
>cryptographic key with the directories they wish to protect.  Files in
>these directories (as well as their pathname components) are
>transparently encrypted and decrypted with the specified key without
>further user intervention; cleartext is never stored on a disk or sent
>to a remote file server.  CFS employs a novel combination of DES
>stream and codebook cipher modes to provide high security with good
>performance on a modern workstation.  CFS can use any available file
>system for its underlying storage without modification, including
>remote file servers such as NFS.  System management functions, such as
>file backup, work in a normal manner and without knowledge of the key.

What happens to hard links?

mkdir foo bar
CFS_set_directory_key -directory ./foo -key foo-key
CFS_set_directory_key -directory ./bar -key bar-key
cp /etc/passwd ./foo/test1
ln ./foo/footest ./bar/bartest
cmp ./foo/footest ./bar/bartest