From owner-freebsd-fs Thu Sep 14 22:41:54 2000 Delivered-To: freebsd-fs@freebsd.org Received: from vbook.express.ru (vbook.express.ru [212.24.37.106]) by hub.freebsd.org (Postfix) with ESMTP id EE68D37B423 for ; Thu, 14 Sep 2000 22:41:50 -0700 (PDT) Received: (from vova@localhost) by vbook.express.ru (8.9.3/8.9.3) id JAA39002; Fri, 15 Sep 2000 09:18:05 +0400 (MSD) (envelope-from vova) From: "Vladimir B. Grebenschikov" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14785.45324.164570.436002@vbook.express.ru> Date: Fri, 15 Sep 2000 09:18:04 +0400 (MSD) To: "Geoffrey T. Falk" Cc: freebsd-fs@FreeBSD.ORG Subject: Re: AW: crypto fs? In-Reply-To: <200009141434.IAA03818@h-209-91-79-2.gen.cadvision.com> References: <200009141401.IAA03781@h-209-91-79-2.gen.cadvision.com> <200009141434.IAA03818@h-209-91-79-2.gen.cadvision.com> X-Mailer: VM 6.72 under 21.1 (patch 9) "Canyonlands" XEmacs Lucid Sender: owner-freebsd-fs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Geoffrey T. Falk writes: > On 14 Sep, I wrote: > > A proper crypto filesystem would encrypt the blocks in the strategy() > > routine. One could run a standard FFS directly on top of it. > > To clarify, obviously, I was thinking of implementing an encrypted > device as a pseudo- block device, that maps to an existing partition. > The passphrase could be set using an ioctl(). May be portalfs helps you ? (man mount_portalfs) > A main concern with crypto FS is keeping plaintext blocks from being > swapped out. If you are following this approach, you would also encrypt > your swap devices. > > The whole issue of crypto services in the kernel is one I would like to > see developing. To my knowledge not even OpenBSD has gone this far. > > g. > -- TSB Russian Express, Moscow Vladimir B. Grebenschikov, vova@express.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message