Linux Encrypted File Sytem
Hey guys, I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right. If anyone can help me on these two issues I would be very happy: 1) What source version of mount do I need to use? 2) Is there a way to get kernel 2.0.35 or later to use this support? Mike ----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..." Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ------------------------------------------------------------------------------
Did you try CFS? It does not require any patches to the kernel or the mount program. igor Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
2) Is there a way to get kernel 2.0.35 or later to use this support?
Mike
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..."
Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ------------------------------------------------------------------------------
- Igor.
Thanks! I appreciate the quick response. Where can I get CFS? Mike On 11-Dec-98 Igor Chudov @ home wrote:
Did you try CFS? It does not require any patches to the kernel or the mount program.
igor
Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
2) Is there a way to get kernel 2.0.35 or later to use this support?
Mike
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..."
Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ----------------------------------------------------------------------------- -
- Igor.
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..." Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ------------------------------------------------------------------------------
Ask Matt Blaze, cfs@research.att.com igor Mike Gorsuch wrote:
Thanks! I appreciate the quick response. Where can I get CFS?
Mike
On 11-Dec-98 Igor Chudov @ home wrote:
Did you try CFS? It does not require any patches to the kernel or the mount program.
igor
Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
2) Is there a way to get kernel 2.0.35 or later to use this support?
Mike
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..."
Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ----------------------------------------------------------------------------- -
- Igor.
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..."
Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ------------------------------------------------------------------------------
- Igor.
On Fri, Dec 11, 1998 at 12:41:03PM -0600, Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
I'm maintaining the international kernel patch for Linux which aims to collect all crypto-related features for the Linux kernel in one easy patch. This patch is tracking the development version of Linux, not the stable one. The patch is available from: ftp://ftp.kerneli.org/pub/Linux/kerneli/v2.1/ The loopback modules currently supports the following ciphers: serpent (cbc), mars (cbc), rc6 (cbc), dfc (cbc), blowfish (cbc), cast-128 (ecb), and twofish (cbc). This code is changing rapidly, so if you feel uneasy about development versions of the kernel, this might not be for you until it has become a bit more stable.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
If you patch linux-2.1.131 (the latest release) with patch-int-2.1.131.1.gz you can look in the Documentation/crypto directory for some mount-patches. However I intend to make a newer patch with support for more of the cipher algorithms - and against the latest util-linux.
2) Is there a way to get kernel 2.0.35 or later to use this support?
If you want to use the stable kernel, you can look at ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/loop/ for a collection of loop-crypto patches against 2.0.x. You can also look into tcfs available at ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/tcfs/ This is basically crypto-support for NFS which is more integrated than CFS (the T in TCFS stands for 'transparent'). astor -- Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway http://www.guardian.no/
On Fri, Dec 11, 1998 at 01:45:55PM -0600, Igor Chudov @ home wrote:
Did you try CFS? It does not require any patches to the kernel or the mount program.
CFS encrypts files and directory names individually, rather than filesystems as a whole, allowing the user to infer directory structure by examining the encrypted store. It also does really badly if you expect to use it with more than one user. In addition, the documentation (last I looked) pretty clearly says not to use it in a multiuser environment. TCFS makes extensions upon CFS. I don't know how well it does, though, or whether it fixes the problems listed above. I've only heard it described in the context of a suggested alternative. There are apparently several others, whose names I don't know, unfortunately. I've not looked at them. - joel "No real content, just a comment or two"
igor
Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than encrypting individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
2) Is there a way to get kernel 2.0.35 or later to use this support?
Mike
----------------------------------------------------------------------------- "The Darkest Hour is Always Just Before Dawn..."
Mike Gorsuch aka Wulfgang ICQ UIN 670820 email: mikeg@soonernet.com Web Page: http://www.geocities.com/Area51/Rampart/6071 ------------------------------------------------------------------------------
- Igor.
At 12:41 PM 12/11/98 -0600, Mike Gorsuch wrote:
Hey guys,
I'm hoping that you guys can point me in the right direction. I have become very interested in the idea of an encrypted file system, rather than
encrypting
individual files. I read an article in the Linux Journal that talked about how to give Linux the support. Well, first I had to get the source for an older kernel, 2.0.30, and use the patches. It patched and compiled fine. Next I was supposed to patch mount. The problem I am facing is that the mount source will not take the patch right.
If anyone can help me on these two issues I would be very happy:
1) What source version of mount do I need to use?
2) Is there a way to get kernel 2.0.35 or later to use this support?
There is a set of Kernel patches at ftp://ftp.kerneli.org/pub/linux/kerneli/v2.1/ . Look for the patch-int files. Note: I have not been able to get these to compile cleanly. It may take some work to get them to work right. (I know of at least one typo in devices/block/loop_gen.c that prevents it from compiling on the patch for 2.1.131.) --- | Bill Clinton - Bringing back the Sixties one Nixon at a time! | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | | | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
On Fri, Dec 11, 1998 at 09:10:36PM -0800, Alan Olsen wrote:
Note: I have not been able to get these to compile cleanly. It may take some work to get them to work right. (I know of at least one typo in devices/block/loop_gen.c that prevents it from compiling on the patch for 2.1.131.)
2.1.131.1 is broken. 2.1.131.3 should compile. astor -- Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway http://www.guardian.no/
participants (5)
-
Alan Olsen -
Alexander Kjeldaas -
ichudov@Algebra.COM -
joel boutros -
Mike Gorsuch