eCryptfs

I just got out of an excellent conference on [eCryptFS][]. For the first time, I see an encrypted filesystem that addresses, or at least seems to be concerned with, most of my issues with this kind of system. First of all, the policy is set separately through external configuration files (the exact language still needs to be addressed, however). It supports different encryption schemes and has an [OpenPGP][]-inspired on-disk format, with the necessary code to allow ciphertext-passthrough transfer, even to a remote site. The format is a kind of stream of OpenPGP blocks, with the content encrypted block by block instead of as a whole, but it should be easy to patch [GnuPG][] so that it is able to decrypt such a format. The reason for such a format is to allow fast dynamic verification, using a convoluted hash of each block, allowing true random access to the file. It also has file-granularity encryption (contrary to most encrypted filesystems) and uses a session key, allowing multiple authoritative keys for each file (just like any gpg-encrypted file). In brief, it's a strong competitor to [Microsoft EFS][] on MS Windows.
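
The per-block layout described above, as an added sketch that is not eCryptfs code and not from the talk: each block is encrypted and tagged on its own, so one block can be verified and decrypted without reading the rest, and the per-file session key is wrapped once per authorised key. The block size, record layout, HMAC tag and the SHA-256 keystream (a standard-library stand-in for a real cipher) are all assumptions.

```python
import hashlib, hmac, os

BLOCK, TAG = 4096, 32   # assumed plaintext block size; HMAC-SHA256 tag length

def stream(key, label, n):
    # SHA-256 in counter mode: a stdlib stand-in for a real cipher, not eCryptfs's.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + label + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def tag_for(mac_key, idx, ct):
    # The tag covers the block index, so records cannot be silently reordered.
    return hmac.new(mac_key, idx + ct, hashlib.sha256).digest()

def encrypt_file(plaintext, user_keys):
    session_key, salt = os.urandom(32), os.urandom(16)
    # One wrapped copy of the per-file session key for each authorised key.
    wrapped = {name: xor(session_key, stream(k, b"wrap" + salt, 32))
               for name, k in user_keys.items()}
    mac_key = stream(session_key, b"mac" + salt, 32)
    body = b""
    for i in range(0, len(plaintext), BLOCK):
        idx = (i // BLOCK).to_bytes(8, "big")
        ct = xor(plaintext[i:i + BLOCK], stream(session_key, b"enc" + salt + idx, BLOCK))
        body += ct + tag_for(mac_key, idx, ct)
    return {"salt": salt, "wrapped": wrapped}, body

def read_block(header, body, index, name, user_key):
    # Random access: unwrap the session key, then read and verify one record only.
    salt = header["salt"]
    session_key = xor(header["wrapped"][name], stream(user_key, b"wrap" + salt, 32))
    mac_key = stream(session_key, b"mac" + salt, 32)
    rec = body[index * (BLOCK + TAG):(index + 1) * (BLOCK + TAG)]
    if len(rec) <= TAG:
        raise IndexError("no such block")
    ct, tag, idx = rec[:-TAG], rec[-TAG:], index.to_bytes(8, "big")
    if not hmac.compare_digest(tag, tag_for(mac_key, idx, ct)):
        raise ValueError("block failed verification")
    return xor(ct, stream(session_key, b"enc" + salt + idx, len(ct)))
```

A modified or relocated block fails verification on its own, while untouched blocks remain readable by any holder of a wrapped key.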

[eCryptFS]: http://ecryptfs.sourceforge.net/
[OpenPGP]: http://www.openpgp.org/
[GnuPG]: http://www.gnupg.org/
[Microsoft EFS]: http://www.microsoft.com/resources/documentation/Windows/XP/all/reskit/en-us/prnb_efs_qutx.asp

About ninoles

WordPress user and FOSS aficionado.