Kernel level cryptographic filesystem (GSoC)

Gleb Kurtsou has been working this summer on pefs, a kernel level cryptographic filesystem for FreeBSD, as part of the Google Summer of Code. He thinks the project is now mature enough for public review and comments.

I’ve been using it to encrypt my mailbox for some time already without any issues. For testing I mostly use the dbench and fsx tools.

Some of pefs’ features (compared to other stacked filesystems):

  • Kernel level implementation (no fuse and similar stuff)
  • Random per file tweak value used for encryption
  • Saves metadata only in encrypted file name (doesn’t change file content)
  • Doesn’t change encrypted file size
  • Arbitrary number of keys
  • Mixing files encrypted with different keys in single directory
  • Transparent mode of operation (no encryption, read-only, allows accessing filesystem snapshots easily)
  • Key chaining (though user level utility)
  • Modern encryption algorithms (AES and Camellia in CTR mode, Salsa20)

To read more about the project and how to download and test it, check this email or Gleb’s blog posts (including performance benchmarks).
