[SunRescue] Encrypted file systems?

MagnusAbrantemagnus.abrante at sweden.sun.com MagnusAbrantemagnus.abrante at sweden.sun.com
Mon Sep 18 03:32:12 CDT 2000


There are two cryptic filesustems as i know of, you have Matt Blaze's 
CFS, which is available from http://www.cryptography.org (under main/
disk), then there is a commercial filesystem as well (i think), but i dont
remember which company who made it).

There is a patch for CFS if you want it to work on Solaris 7+, i found it
a while ago somewhere, nowadays its available from my homepage at
http://www.abrante.net/files/cfs-solaris-patch .

CFS uses a daemon which encrypts/decrypts the data for you, and you
attaches / detaches encrypted directories etc thru it. When you attach
something you have to supply the passphrase.

Errr, Matt Blaze has some papers which explains CFS in a clear way at 
ftp://ftp.research.att.com/dist/mab/ .

Then there are various ways to encrypt files, like zip, pgp etc :)

        //Magnus Abrante
/* This is my opinion and not the one of my empolyer */


> Linux has pretty robust support for encrypted file systems - however, I'm 
> trying to see if Solaris has anything similar?
> 
> I'm under NDA, so I have to be careful what I say :-) but let's imagine you 
> have some portable UltraSparc based machines ;-) let's also imagine that you 
> have some PCMCIA hard drives, that contain sensitive data.
> 
> Now, under Linux, I could create an encrypted volume (as a single file) on 
> that PCMCIA drive, and then, once the drive itself has been mounted, I could 
> mount the encrypted volume (having entered the approprite pass phrase, and 
> having the proper access to the right keys).
> 
> Anyone done something similar under Solaris? The trick, as I can see it (and I 
> may be wrong) is that Linux has kernel support for encryption algorithms that 
> are used by the loopback device when creating the encrypted volume.
> 
> How does Solaris deal with that? Would you need kernel support, or can the 
> loopback device support different cyphers directly?
> 
> As you can see, I'm a bit at sea on this one ;-) Any help is *really* 
> gratefully recieved...
> 
> Thanks,
> TOM
> 
> --
> Tom Kranz - tom at nipltd.com
> Systems Administrator, New Information Paradigms Ltd.
> My opinions are my own, not NIP's, and not my cat's.
> 
> _______________________________________________
> Rescue maillist  -  Rescue at sunhelp.org
> http://www.sunhelp.org/mailman/listinfo/rescue





More information about the rescue mailing list