Message-ID: <3CF21016.23978FDB@FreeBSD.org>
Date: Mon, 27 May 2002 13:53:10 +0300
From: Maxim Sobolev
Organization: Vega International Capital
To: Poul-Henning Kamp
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/conf files src/sys/geom geom_aes.c
References: <200205261814.g4QIEdg85920@freefall.freebsd.org>

Poul-Henning Kamp wrote:
>
> phk         2002/05/26 11:14:38 PDT
>
>   Modified files:
>     sys/conf             files
>   Added files:
>     sys/geom             geom_aes.c
>   Log:
>   Add a proof-of-concept encryption class.
>
>   "The only hard problem in cryptography is key-management."
>
>   All sectors are encrypted with AES in CBC mode using a constant key,
>   currently compiled in and all zero.
>
>   To activate this module, write the magic header on the partition:
>
>       echo "<>" | dd conv=sync of=/dev/md98
>
>   The encrypted device will be one sector shorter and have ".aes"
>   appended to its name.
>
>   Sponsored by:   DARPA & NAI Labs.

Cool!
I was just pondering the idea of adding encryption to a file-backed md(4) to make it possible to do something like ports/security/cfs, but without RPC overhead. However, with this layer it would be possible to do it in a much more generic way for any disk device.

-Maxim