In kernel stacked cryptographic filesystem (pefs)

FreeBSD supports only whole filesystem encryption at device level (with GELI or GBDE), but lacks in kernel cryptographic filesystem that can be used transparently atop of other filesystem. Some progress has been seen here recently with userlevel cryptographic filesystems, but userlevel implementations are slow and relay and 3rd party software not included in base system (namely fuse kmod and library). I propose to implement in kernel cryptographic filesystem utilizing stackable VFS layers (like nullfs+crypto).

Sources repository: http://github.com/glk/pefs

Howto encrypt directory: http://glebkurtsou.blogspot.com/2009/10/encrypting-private-directory-with-pefs.html

Cryptographic primitives used: http://glebkurtsou.blogspot.com/2009/09/pefs-crypto-primitives.html

Benchmark: http://glebkurtsou.blogspot.com/2009/09/pefs-benchmark.html

Milestones

SOC2009GlebKurtsov (last edited 2010-01-17 11:07:51 by GlebKurtsov)