Date: Mon, 27 May 2002 13:53:10 +0300
From: Maxim Sobolev <sobomax@FreeBSD.org>
To: Poul-Henning Kamp <phk@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
Message-ID: <3CF21016.23978FDB@FreeBSD.org>
References: <200205261814.g4QIEdg85920@freefall.freebsd.org>

Poul-Henning Kamp wrote:
>
> phk         2002/05/26 11:14:38 PDT
>
>   Modified files:
>     sys/conf             files
>   Added files:
>     sys/geom             geom_aes.c
>   Log:
>   Add a proof-of-concept encryption class.
>
>   "The only hard problem in cryptography is key-management."
>
>   All sectors are encrypted with AES in CBC mode using a constant key,
>   currently compiled in and all zero.
>
>   To activate this module, write the magic header on the partition:
>
>       echo "<<FreeBSD-GEOM-AES>>" | dd conv=sync of=/dev/md98
>
>   The encrypted device will be one sector shorter and have ".aes"
>   appended to its name.
>
>   Sponsored by:   DARPA & NAI Labs.

Cool! I was just pondering the idea of adding encryption to a file-backed
md(4) to make it possible to do something like ports/security/cfs, but
without rpc overhead. However, with this layer it would be possible to do
it in a much more generic way for any disk device.

-Maxim