Hi Alon,

You commented that decryption would be slow on decryption of individual
pages.  This is not the case.  Here is a brief description of the keys used
for encryption/decryption in eCryptfs.

1)  When eCryptfs is mounted, a session encryption key is loaded into the
kernel key ring.  This key can either be a symmetric key used for in-kernel
encryption/decryption or a PKI key.

2)  Each file has its own file encryption key which is generated when the
file is created.  This key is encrypted with the session encryption key and
written to the file header.  Currently the file encryption key is a
symmetric key that is to be used.  This allows us to do
encryption/decryption of the file with the in-kernel crypto API.  This keeps
the overhead of file encryption/decryption to a minimum.

The only time a public key decryption will occur is at the time each file is
loaded.  After that the file encryption key will be kept in the crypt_stat
for the file.

With respect to security this is a normal practice.  One quick example is an
SSL web session.  An SSL session is initially negotiated with the use of a
certificate and asymmetric encryption.  In this negotiation a symmetric key
is generated which is used for all communication after the negotiation
completes.

Do you have a problem with the way encryption/decryption of individual files
is done?

Trevor
_______________________________________________
eCryptfs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel
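
The key hierarchy described in the message above, as an added Go sketch that is not part of the original post and is not eCryptfs code: the public-key operation happens once in openFile, and every page operation afterwards uses only the unwrapped symmetric file key. Assumptions made for the example: RSA-OAEP for wrapping the file key, AES-256-GCM for pages, a page index bound as associated data, and all function names, which are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// newHeader wraps a fresh 256-bit file key with the session public key.
func newHeader(pub *rsa.PublicKey) ([]byte, error) {
	fileKey := make([]byte, 32)
	rand.Read(fileKey) // assumes Go 1.24+, where this never returns an error
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
}

// openFile does the only RSA operation; crypt_stat would cache the returned AEAD.
func openFile(priv *rsa.PrivateKey, header []byte) (cipher.AEAD, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, header, nil)
	if err != nil || len(fileKey) != 32 {
		return nil, fmt.Errorf("header does not unwrap to a file key")
	}
	block, _ := aes.NewCipher(fileKey) // cannot fail: length checked above
	return cipher.NewGCM(block)
}

// Page I/O is symmetric only; idx is bound as AAD so pages cannot be swapped.
func sealPage(fk cipher.AEAD, idx uint64, page []byte) []byte {
	nonce := make([]byte, fk.NonceSize())
	rand.Read(nonce)
	return fk.Seal(nonce, nonce, page, binary.BigEndian.AppendUint64(nil, idx))
}
func openPage(fk cipher.AEAD, idx uint64, sealed []byte) ([]byte, error) {
	if n := fk.NonceSize(); len(sealed) >= n {
		return fk.Open(nil, sealed[:n], sealed[n:], binary.BigEndian.AppendUint64(nil, idx))
	}
	return nil, fmt.Errorf("page %d is truncated", idx)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed session key pair
	hdr, _ := newHeader(&priv.PublicKey)
	fk, _ := openFile(priv, hdr) // the one RSA operation for this file
	page, err := openPage(fk, 3, sealPage(fk, 3, []byte("constructed page")))
	fmt.Printf("%q %v\n", page, err)
}
```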