CryptoFS
Details
| Size: | 341K |
| Last Update: | 2008-05-22 22:03:46 |
| Version: | 0.5.2 |
| OS Support: | Linux |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Christoph Hohmann |
| Price: | $0.00 |
Description:
CryptoFS 0.5.2 is filesystems software developed by Christoph Hohmann.
CryptoFS is an encrypted filesystem for the Linux Userland FileSystem (LUFS).
CryptoFS will use a normal directory to store files encrypted. The mountpoint will contain the decrypted files. Every file stored in this mountpoint will be written encrypted (data and filename) to the directory that was mounted.
If you unmount the directory, the encrypted data can only be accessed by mounting the directory again with the correct key. Like other LUFS filesystems, it does not need root access or any complicated setup such as creating a filesystem on an encrypted disk using the loop device.
This package will create a shared library that can be used by LUFS's lufsd to mount a directory containing encrypted data to another directory.
I first used the evfs kernel patch that does nearly the same thing as CryptoFS. But it seems that it has been abandoned. The last patch was available for kernel 2.4.20 and has not been updated for newer kernels since then.
When I found LUFS I thought it could be a good base for a crypto filesystem that works like evfs and allows a user to mount any directory as an encrypted storage without having root access and creating a crypto filesystem using the loop device. So when I found no other program that offers these possibilities I started to write my own filesystem for LUFS.
Usage
Put the shared library into a directory where the system linker can find it (this will usually be done by "make install") or add the directory to the search path by setting the LD_LIBRARY_PATH environment variable.
First you have to set up the source directory by copying the file cryptofs.conf to /.cryptofs. You can adjust the values in the file, but the default should work fine.
After that you can mount the source directory with lufsmount cryptofs://
You will be asked for the password you want to use for this filesystem. It will be used to generate the cipher key.
After that you should be able to use the directory like any other directory, but all data will be read and written to the directory in an encrypted form.
Encryption
When a filesystem is mounted, CryptoFS first generates a key for the requested cipher algorithm (CRYPTOFS::cipher) using the message digest function (CRYPTOFS::md). Every algorithm has a specific key size and every message digest function produces a digest of a specific length. If the message digest is smaller than the key size, the message digest is repeated until the key size is reached.
After the primary key has been generated, CRYPTOFS::salts subkeys (initialization vectors) are generated by encrypting 0 bytes with a 0 initialization vector. These are later used to encrypt blocks with different subkeys, so that the cipher text only repeats after (salts * blocksize) bytes (if the same data is encrypted).
When files or links are created or renamed the name will be encoded with the selected cipher, the primary key and the first subkey. The result will then be encoded using a modified Base64 algorithm because the encrypted filename could contain characters that are not allowed by the target filesystem. (The original Base64 algorithm uses '/' for encoding. This is the directory delimiter so it was replaced by '_'.)
When files are written the data is encrypted. CryptoFS always has to write full blocks, so if only part of a block is to be written, the original block is first read and decrypted, the part is replaced, and the result is written back to disk encrypted. To keep this performant the block size must not be too large.
But to make sure the cipher text does not repeat too early, CryptoFS uses salts to encrypt blocks. Every block is encoded with the (blocknumber modulo salts)th salt. (NOTE: Linux always reads or writes "pages" of 4096 bytes, and these writes are forwarded by lufsd to CryptoFS. So if you use a blocksize of 4096 bytes, reading the old block before writing can be omitted and writing should be faster.)
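The key stretching, filename encoding and per-block salt selection described above, as an added Python sketch that is not CryptoFS's own code. It assumes the digest is taken over the password alone, that an over-long final repetition is truncated to the key size, and that Base64 padding is kept; the function names and sample values are constructed for illustration.

```python
import base64
import hashlib

def derive_key(password: bytes, md: str, key_size: int) -> bytes:
    """Hash the password once and repeat the digest until key_size bytes
    are filled (truncating the last repetition is an assumption)."""
    digest = hashlib.new(md, password).digest()
    reps = -(-key_size // len(digest))  # ceiling division
    return (digest * reps)[:key_size]

def encode_name(encrypted_name: bytes) -> str:
    """Modified Base64: standard alphabet with '/' replaced by '_'."""
    return base64.b64encode(encrypted_name).decode("ascii").replace("/", "_")

def decode_name(stored: str) -> bytes:
    """Undo the '_' substitution, then decode as standard Base64."""
    return base64.b64decode(stored.replace("_", "/"))

def plan_write(offset: int, length: int, blocksize: int, salts: int):
    """For a write of `length` bytes at `offset`, list each touched block as
    (block number, salt index, needs read-decrypt-modify before writing)."""
    if length <= 0:
        return []
    end = offset + length
    plan = []
    for block in range(offset // blocksize, (end - 1) // blocksize + 1):
        start = block * blocksize
        partial = offset > start or end < start + blocksize
        plan.append((block, block % salts, partial))
    return plan

if __name__ == "__main__":
    # Constructed sample values, not taken from a real cryptofs.conf.
    key = derive_key(b"constructed-password", "sha1", 32)
    # A 20-byte digest stretched to 32 bytes: bytes 20..31 repeat bytes 0..11,
    # so the key holds no more entropy than the digest itself.
    print(key.hex(), key[20:] == key[:12])
    # Raw cipher output can encode to '/', which would split the stored path.
    print(encode_name(b"\xff\xff\xff"))
    # Unaligned write: first and last blocks need the old contents read back.
    print(plan_write(offset=1000, length=4096, blocksize=2048, salts=2))
    # Page-aligned write with blocksize 4096: no read-back needed.
    print(plan_write(offset=4096, length=4096, blocksize=4096, salts=256))
```

With `salts=2` the first and third blocks share salt index 0, which is the repetition after (salts * blocksize) bytes that the text describes.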
Requirements:
You have to install the LUFS package
Libgcrypt (version >= 1.1.44)
GLib (version >= 2.2)
What's New in This Release:
Two bugs that made the config file appear in FUSE mountpoints and that made it possible to accidentally overwrite the config file from the mountpoint were fixed.
CryptoFS 0.5.2 has an English-language interface and works with Linux.