Hi all,

I have a requirement for an encrypted file system and would prefer to be going the ZFS route.

The 'proper' ZFS Encryption project looks a long way off. Understandable as it is clearly very very complicated to address all the possible use cases!
The encrypted lofi project, xlofi aka Encrypted block devices, would probably suit my requirements fine. Sadly though there doesn't seem to be any mention of it past November 2005.

Has the project died or has it simply morphed into something else that I have missed? If it has died, could we have access to whatever was created?

I am interested in working on developing this myself but obviously don't want to re-invent anything that has already been done.

Thanks
David

This message posted from opensolaris.org

On Wed, 2006-10-11 at 14:07 -0700, David Popeck wrote:
> Has the project died or has it simply morphed into something else that
> I have missed? If it has died, could we have access to whatever was
> created?

Darren is still actively working on this -- I was in a working meeting with him and some ZFS folks last week which was mainly a brain dump on the fine points of the ZFS I/O pipeline mechanism and how to fit in current and future encryption mechanisms; shortly thereafter he reported a few breakthroughs.

- Bill

David Popeck wrote:
> Hi all,
>
> I have a requirement for an encrypted file system and would prefer to be going the ZFS route.
>
> The 'proper' ZFS Encryption project looks a long way off. Understandable as it is clearly very very complicated to address all the possible use cases!
> The encrypted lofi project, xlofi aka Encrypted block devices, would probably suit my requirements fine. Sadly though there doesn't seem to be any mention of it past November 2005.
>
> Has the project died or has it simply morphed into something else that I have missed? If it has died, could we have access to whatever was created?

It hasn't died it is just that I'm trying to do lofi encryption and ZFS encryption work at the same time - along with doing lots of other stuff.

The lofi work is basically very close to done. It currently uses AES_CBC though and I really don't like that because it doesn't give us any integrity protection. I want to switch it to using a mode of AES that will give us data confidentiality and integrity without expanding the data. We don't have such a mode of AES implemented in the crypto framework's software provider yet.

As for ZFS crypto I've been making good progress this week and I'll be posting new diffs and a status update next week sometime.

--
Darren J Moffat

Thanks for replying so quickly Darren.

> It hasn't died it is just that I'm trying to do lofi
> encryption and
> ZFS encryption work at the same time - along with
> doing lots of other stuff.

I can see that will keep you busy!

> The lofi work is basically very close to done. It
> currently uses
> AES_CBC though and I really don't like that because
> it doesn't give us
> any integrity protection. I want to switch it to
> using a mode of AES
> that will give us data confidentiality and integrity
> without expanding
> the data. We don't have such a mode of AES
> implemented in the crypto
> framework's software provider yet.
>
> As for ZFS crypto I've been making good progress this
> week and I'll be
> posting new diffs and a status update next week
> sometime.

This is great news. I look forward to seeing them.

Regards
David

> It currently uses
> AES_CBC though and I really don't like that because
> it doesn't give us
> any integrity protection. I want to switch it to
> using a mode of AES
> that will give us data confidentiality and integrity
> without expanding
> the data. We don't have such a mode of AES
> implemented in the crypto
> framework's software provider yet.

Just re-reading this and wondered what mode you want to use?

David