From: Alexander Kjeldaas <astor@guardian.no>
To: cypherpunks@toad.com
Message Hash: 8e0599055bff9b2c5b6301defcfc88c5f958c42ed9d2b0e113d22e76645cf9b5
Message ID: <19981211224423.A13974@lucifer.guardian.no>
Reply To: <XFMail.981211124103.mikeg@soonernet.com>
UTC Datetime: 1998-12-11 22:53:31 UTC
Raw Date: Sat, 12 Dec 1998 06:53:31 +0800
From: Alexander Kjeldaas <astor@guardian.no>
Date: Sat, 12 Dec 1998 06:53:31 +0800
To: cypherpunks@toad.com
Subject: Re: Linux Encrypted File Sytem
In-Reply-To: <XFMail.981211124103.mikeg@soonernet.com>
Message-ID: <19981211224423.A13974@lucifer.guardian.no>
MIME-Version: 1.0
Content-Type: text/plain
On Fri, Dec 11, 1998 at 12:41:03PM -0600, Mike Gorsuch wrote:
> Hey guys,
>
> I'm hoping that you guys can point me in the right direction. I
> have become very interested in the idea of an encrypted file system,
> rather than encrypting individual files. I read an article in the
> Linux Journal that talked about how to give Linux the support.
> Well, first I had to get the source for an older kernel, 2.0.30, and
> use the patches. It patched and compiled fine. Next I was supposed
> to patch mount. The problem I am facing is that the mount source
> will not take the patch right.
I'm maintaining the international kernel patch for Linux which aims to
collect all crypto-related features for the Linux kernel in one easy
patch. This patch is tracking the development version of Linux, not
the stable one. The patch is available from:
ftp://ftp.kerneli.org/pub/Linux/kerneli/v2.1/
The loopback modules currently supports the following ciphers: serpent
(cbc), mars (cbc), rc6 (cbc), dfc (cbc), blowfish (cbc), cast-128
(ecb), and twofish (cbc).
This code is changing rapidly, so if you feel uneasy about development
versions of the kernel, this might not be for you until it has become
a bit more stable.
> If anyone can help me on these two issues I would be very happy:
>
> 1) What source version of mount do I need to use?
>
If you patch linux-2.1.131 (the latest release) with
patch-int-2.1.131.1.gz you can look in the Documentation/crypto
directory for some mount-patches. However I intend to make a newer
patch with support for more of the cipher algorithms - and against the
latest util-linux.
> 2) Is there a way to get kernel 2.0.35 or later to use this support?
>
If you want to use the stable kernel, you can look at
ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/loop/ for a
collection of loop-crypto patches against 2.0.x.
You can also look into tcfs available at
ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/tcfs/
This is basically crypto-support for NFS which is more integrated than
CFS (the T in TCFS stands for 'transparent').
astor
--
Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
http://www.guardian.no/
Return to December 1998
Return to “Mike Gorsuch <mikeg@soonernet.com>”