'Re: [fuse-devel] AES encrypted filesystem.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fuse-devel
Subject:    Re: [fuse-devel] AES encrypted filesystem.
From:       Nikolaus Rath <Nikolaus () rath ! org>
Date:       2017-06-15 16:27:36
Message-ID: 878tktjjwn.fsf () thinkpad ! rath ! org
[Download RAW message or body]

On Jun 15 2017, Irad K <iradization-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi Nikolaus and thank your for your response.
>
> Here are the specific challenges I'm currently facing with :
>
> 1. *How to pass the AES key for encrypting/decrypting*. I want to be able
> to allow certain processes read / write the data after encryption. However,
> when calling the system call read / write /mmap, none of them contain extra
> argument for supplying the AES block key (the symmetric key). Therefore, I
> need to communicate the filesystem about the key and whose process does it
> belong. I also want that this channel to be secure and make it hard to
> eavesdrop by unwanted entities. Do you have any idea how to do it ?

That seems pointless to me. If, in the ideal case, you want the process
to supply the key in the read/write call, why can't the process simply
do the encryption itself? That will be faster and less complex to
implement. For example, you could write a small library that provides
read_encrypted() and write_encrypted() functions with exactly the
semantics that you want.

> 2. *On which software layer to perform the decryption/encryption.* the
> Osxfuse API contain 2 APIs as explain in the documentation :  a
> "high-level", synchronous API, and a "low-level" asynchronous API. I've
> read the documentation, but I'm still not sure I fully understand the
> difference between them.
> which I/F did you use in your implementation

What implementation do you mean? Did you take a look at the examples/
directory in libfuse? It contains a passthrough filesystem implemented
once using the high- and once using the low-level API. That might help.


Best,
-Nikolaus

-- 
GPG Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

              »Time flies like an arrow, fruit flies like a Banana. «

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-- 
fuse-devel mailing list
To unsubscribe or subscribe, visit https://lists.sourceforge.net/lists/listinfo/fuse-devel

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic