Date: Wed, 2 Nov 2005 20:32:20 -0700
From: Phillip Hellewell
To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: phillip@hellewell.homeip.net, mike@halcrow.us, mhalcrow@us.ibm.com, mcthomps@us.ibm.com, yoder1@us.ibm.com
Subject: [PATCH 0/12: eCryptfs] eCryptfs version 0.1
Message-ID: <20051103033220.GD2772@sshock.rn.byu.edu>

This set of patches constitutes eCryptfs version 0.1. We are presenting it to be reviewed and considered for inclusion into the kernel.

eCryptfs is a stackable filesystem that is based off of the Cryptfs that is generated by the FiST stackable filesystem framework written by Erez Zadok:

http://filesystems.org/

eCryptfs stores cryptographic metadata in the headers of each file; the headers contain OpenPGP-like packets (see RFC 2440). This allows the encrypted underlying files to be copied between hosts, and all of the information necessary to decrypt the files stays with the files themselves. eCryptfs aims to make the encryption and the decryption of each individual file completely transparent to userspace applications, so long as the recipient has the requisite key or passphrase to access the file available.

Michael Halcrow presented eCryptfs at the 2004 and the 2005 Ottawa Linux Symposiums; the high-level overview from this year's symposium starts on page 209 of the first half of the symposium proceedings:

http://www.linuxsymposium.org/2005/linuxsymposium_procv1.pdf

Note that this set of patches contains a considerably trimmed-down version of eCryptfs than what was sent to the LKML earlier this year. Release 0.1 includes mount-wide passphrase support only; this will make eCryptfs easier to analyze and debug before the more advanced policy and public key features are merged in.

eCryptfs performs well under a variety of tests, including FSX and Connectathon (Basic and General functional). There is a bug that crops up on a kernel compile. We would appreciate any insight that the VFS gurus could give us in tracking down and fixing any extant bugs.

eCryptfs utilizes David Howells' keyring; at mount, eCryptfs version 0.1 expects an existing authentication token in the user's session keyring. The tarball containing the code to do this is available from the eCryptfs SourceForge site (ecryptfs-v0_1.tar.bz2):

http://sourceforge.net/projects/ecryptfs/

Future releases will have policy support, which will entail per-file passphrase and per-file public key support. Those who are interested in looking at that code are welcome to obtain it from the eCryptfs CVS repository on SourceForge:

    cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs login
    cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/ecryptfs \
        co -P ecryptfs

Phillip
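
The letter says each file's header carries OpenPGP-like packets (RFC 2440) and that encrypted files can be copied between hosts, so whatever reads those headers is parsing untrusted bytes. As an added example (not code from the eCryptfs patches, and not the eCryptfs 0.1 on-disk layout, which this letter does not show), here is a bounds-checked decoder for a generic RFC 2440 packet header; `struct pkt_hdr`, `be` and `parse_pkt_hdr` are hypothetical names:

```c
#include <stddef.h>
#include <stdint.h>

struct pkt_hdr {
    uint8_t  tag;      /* packet tag (content type) */
    uint32_t body_len; /* body length in octets */
    size_t   hdr_len;  /* octets used by the tag and length fields */
};
/* Read an n-octet big-endian integer (n <= 4). */
static uint32_t be(const uint8_t *p, size_t n)
{
    uint32_t v = 0;
    while (n--)
        v = (v << 8) | *p++;
    return v;
}
/* Decode one header from untrusted buf[0..avail). Returns 0, or -1 if it is
 * malformed, truncated, streaming-length, or its body overruns the buffer. */
int parse_pkt_hdr(const uint8_t *buf, size_t avail, struct pkt_hdr *out)
{
    size_t hdr;
    uint32_t len;
    if (avail < 2 || !(buf[0] & 0x80))
        return -1;                        /* bit 7 is always set */
    if (buf[0] & 0x40) {                  /* new-format header */
        uint8_t b1 = buf[1];
        out->tag = buf[0] & 0x3f;
        if (b1 >= 224 && b1 != 255)
            return -1;                    /* partial body length: rejected */
        hdr = b1 < 192 ? 2 : b1 < 224 ? 3 : 6;
        if (avail < hdr)
            return -1;                    /* length octets are missing */
        len = b1 < 192 ? b1
            : b1 < 224 ? ((uint32_t)(b1 - 192) << 8) + buf[2] + 192
            : be(buf + 2, 4);
    } else {                              /* old-format header */
        if ((buf[0] & 0x03) == 3)
            return -1;                    /* indeterminate length: rejected */
        out->tag = (buf[0] >> 2) & 0x0f;
        hdr = 1 + ((size_t)1 << (buf[0] & 0x03)); /* 1, 2 or 4 length octets */
        if (avail < hdr)
            return -1;
        len = be(buf + 1, hdr - 1);
    }
    if (len > avail - hdr)
        return -1;                        /* body would overrun the buffer */
    out->hdr_len = hdr;
    out->body_len = len;
    return 0;
}
```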