RFC: pefs - stacked cryptographic filesystem

oliverh

oliverh

Hello,

I would like to ask for feedback on a kernel level stacked cryptographic
filesystem. It has started as Summer Of Code'2009 project and matured a
lot since then. I've recently added support for sparse files and
switched to XTS encryption mode.

I've been using it to encrypt my home directory for almost a year
already, and use fsx, dbench and blogbench for testing. So it should be
fairly stable.

Tested on top of ZFS, UFS and tmpfs on amd64 and i386; both 9-CURRENT
and 8-STABLE supported.

Please email me separately if you're willing to help testing on big
endian machine, XTS code doesn't look endian correct.

At this point all of the project goals complete and I'd like it to get
wider coverage in terms of tests and reviews and hope to see it commited
to HEAD soon.
Click to expand...

http://lists.freebsd.org/pipermail/freebsd-current/2010-September/019691.html

Anybody tried this already?
 
Sorry to dig this up, but I wonder why no one commented on this great piece of software.

I've been using it for quite a while now in connection with pam_pefs so that I get individually encrypted home directories.

Earlier I used geli(8), but it is quite an annoyance if you want to build a family desktop computer, because it does not boot up until someone enters the password. Now, with PEFS, everyone has his own password for his/her own home directory.

Thank you for this. It works without flaws. I have just one problem, a How-To is missing how to set up PEFS+pam_pefs. I wrote one in German and was searching here if the official forums have one in English. The tutorial in the official wiki only explains how to encrypt a directory, not the whole process how to wire it up with PAM which is much more important for the essential use-case I mentioned above.
 
nakal said:
I wrote one in German and was searching here if the official forums have one in English.
Click to expand...

Could you please post the one you wrote in German. It sounds like something I would like to try tinkering with.
 
You must log in or register to reply here.
Back
Top