file-level encryption in userland with HAMMER{2}?
Matthew Dillon
dillon at apollo.backplane.com
Tue Jul 9 17:00:32 PDT 2013
:It would be nice if there is any interesting implementation of both
:block-level encryption at admin-level and file-level encryption
:(something like ciphertite) in userland with HAMMER{2}.
:
:Appreciate some inputs. Thanks!
:
:PS: Desperately waiting for HAMMER2, any updates, please?!
It's still a long way off in terms of clustering and mirroring but the
core filesystem will be usable in a stand-alone mode with certain
restrictions in the next few months.
There are three major pieces still needed for stand-alone operation.
Two related to the free block table (including the code to actually
free blocks :-)), and a solution for a known hardlink bug related to
renaming directories. Secondary issues are /boot support (not critical,
even hammer1 doesn't really have working boot support), and some sort of
catastrophic recovery utility.
In terms of encryption, the media spec has support for it. Nothing is
currently implemented. It will be fairly easy to encrypt the actual
file contents. Encrypting the inodes and filenames at the filesystem
level requires a bit more thought. I think we could encrypt filenames
without too much effort but encrypting the inodes (at the filesystem
level) might be a bit too much. Also, encrypting the directory hash
keys (a 64 bit quantity) might also create too many issues though I can
see how it could be done.
An encryption implementation would make use of hammer2's configuration
entry space, which supports 255 configuration slots used for various
things (such as specifying where the copies are when the copies mechanism
is used). Slots could be used to store up to 512-bit master keys
(encrypted with an unlocking password) and the unlocked master keys
could then be used to encrypt/decrypt data. The mechanics are fairly
straight-forward. The Hammer2 compression GSOC project infrastructure
can be expanded later on to also accomodate encryption and decryption.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Users
mailing list