From: Alexander Kjeldaas <astor@guardian.no>
Date: Sat, 12 Dec 1998 06:53:31 +0800
To: cypherpunks@toad.com
Subject: Re: Linux Encrypted File Sytem
In-Reply-To: <XFMail.981211124103.mikeg@soonernet.com>
Message-ID: <19981211224423.A13974@lucifer.guardian.no>
MIME-Version: 1.0
Content-Type: text/plain



On Fri, Dec 11, 1998 at 12:41:03PM -0600, Mike Gorsuch wrote:
> Hey guys,
> 
> I'm hoping that you guys can point me in the right direction.  I
> have become very interested in the idea of an encrypted file system,
> rather than encrypting individual files.  I read an article in the
> Linux Journal that talked about how to give Linux the support.
> Well, first I had to get the source for an older kernel, 2.0.30, and
> use the patches.  It patched and compiled fine. Next I was supposed
> to patch mount.  The problem I am facing is that the mount source
> will not take the patch right.

I'm maintaining the international kernel patch for Linux which aims to
collect all crypto-related features for the Linux kernel in one easy
patch.  This patch is tracking the development version of Linux, not
the stable one.  The patch is available from:

ftp://ftp.kerneli.org/pub/Linux/kerneli/v2.1/

The loopback modules currently supports the following ciphers: serpent
(cbc), mars (cbc), rc6 (cbc), dfc (cbc), blowfish (cbc), cast-128
(ecb), and twofish (cbc).

This code is changing rapidly, so if you feel uneasy about development
versions of the kernel, this might not be for you until it has become
a bit more stable.

> If anyone can help me on these two issues I would be very happy:
> 
> 1) What source version of mount do I need to use?
> 

If you patch linux-2.1.131 (the latest release) with
patch-int-2.1.131.1.gz you can look in the Documentation/crypto
directory for some mount-patches.  However I intend to make a newer
patch with support for more of the cipher algorithms - and against the
latest util-linux.

> 2) Is there a way to get kernel 2.0.35 or later to use this support?
> 

If you want to use the stable kernel, you can look at
ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/loop/ for a
collection of loop-crypto patches against 2.0.x.

You can also look into tcfs available at 
ftp://ftp.kerneli.org/pub/Linux/kerneli/net-source/tcfs/
This is basically crypto-support for NFS which is more integrated than
CFS (the T in TCFS stands for 'transparent').

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/