RFC: pefs - stacked cryptographic filesystem

Ivan Voras ivoras at freebsd.org
Tue Sep 7 21:08:06 UTC 2010

On 7 September 2010 22:05, Gleb Kurtsou <gleb.kurtsou at gmail.com> wrote:
> On (07/09/2010 16:27), Ivan Voras wrote:
>> On 09/06/10 20:38, Gleb Kurtsou wrote:
>> > Hello,
>> >
>> > I would like to ask for feedback on a kernel level stacked cryptographic
>> > filesystem. It has started as Summer Of Code'2009 project and matured a
>> > lot since then. I've recently added support for sparse files and
>> > switched to XTS encryption mode.
>> I've tried it and so far it works :)
>> > 3. Mount pefs filesystem:
>> > # pefs mount ~/Private ~/Private
>> I see you've used the same example in the man page. Maybe it would be
>> better for educational purposes to use two separate directories, e.g.
>> ~/Private and ~/Decrypted to avoid confusion by new users (of course not
>> all examples need to use this).
> Actually I've used the same directory solely for educational purposes --
> there is just one directory, it's either encrypted or not.

The other directory is a mount point - this is what I was aiming at.

> If user enters k1, the following chain can be retrieved from the
> database: k1 k2 k3. All three keys are then added to filesystem.
> In case of k2 chain is k2 k3.
> All entries stored encrypted in a way that child entry can be decrypted
> only by parent key.
> Using key chains one can emulate access levels.

I don't know if it is cryptographically sound but it seems like too
much trouble :)

>> > 7. You can set up pam_pefs (not compiled by default) to add key to home
>> > directory and authenticate against keychain database on login, e.g. by
>> > adding the following line to /etc/pam.d/system before pam_unix.so:
>> >
>> > auth        sufficient      pam_pefs.so     try_first_pass
>> So, this would bypass passwd and let the user in if his password
>> authenticates against the "keychain database" in his home directory?
> Exactly, that's the way I use it. More detailed description available
> here: http://marc.info/?l=freebsd-current&m=128388197901390&w=2
>> Will it automagically pefs-mount his home directory?
> No, not mounting pefs is intentional. It automagically adds keys to
> already mounted pefs filesystem.

Ok, so for example on a desktop client, a pefs-protected home
directory would always be mounted from fstab, and then decrypted on
login. Makes sense.
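
The key-chain behaviour quoted above (entering k1 yields k1 k2 k3, entering k2 yields k2 k3, and a child entry opens only with its parent key), as an added sketch that is not pefs code and not part of the original message. The database layout, the HMAC-SHA256 pad-and-tag wrapping and every function name are assumptions chosen to stay within the Python standard library; the page does not describe pefs's real keychain format.

```python
import hashlib
import hmac
import os

KEY_LEN, NONCE_LEN = 32, 16  # assumed sizes for this sketch

def _prf(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _seal(parent, child):
    """Wrap a 32-byte child key so that only the parent key can unwrap it."""
    nonce = os.urandom(NONCE_LEN)
    pad = _prf(parent, b"pad" + nonce)          # fresh pad per entry
    ct = bytes(a ^ b for a, b in zip(child, pad))
    return nonce + ct + _prf(parent, b"mac" + nonce + ct)

def _open(parent, blob):
    """Return the child key, or None if the entry fails authentication."""
    nonce, ct, tag = (blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + KEY_LEN],
                      blob[NONCE_LEN + KEY_LEN:])
    if not hmac.compare_digest(tag, _prf(parent, b"mac" + nonce + ct)):
        return None
    pad = _prf(parent, b"pad" + nonce)
    return bytes(a ^ b for a, b in zip(ct, pad))

def add_chain(db, parent, child):
    """Store parent -> child; the lookup id reveals neither key."""
    db[_prf(parent, b"id")] = _seal(parent, child)

def resolve(db, entered):
    """Keys unlocked by `entered`: itself, then each child in turn."""
    chain, seen, key = [], set(), entered
    while key is not None and key not in seen:  # `seen` stops k1 -> k2 -> k1 loops
        chain.append(key)
        seen.add(key)
        blob = db.get(_prf(key, b"id"))
        key = _open(key, blob) if blob else None
    return chain

def demo_keys():
    """Constructed sample keys standing in for k1, k2, k3 from the thread."""
    return [hashlib.sha256(n).digest() for n in (b"k1", b"k2", b"k3")]

if __name__ == "__main__":
    k1, k2, k3 = demo_keys()
    db = {}
    add_chain(db, k1, k2)
    add_chain(db, k2, k3)
    for name, k in (("k1", k1), ("k2", k2), ("k3", k3)):
        print(name, "unlocks", len(resolve(db, k)), "key(s)")
```

Holding only k3 unlocks nothing above it, which is how the chain emulates access levels; a modified entry fails its tag check and the walk stops at the parent.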

More information about the freebsd-current mailing list