You may want to try encrypting/decrypting in mpage_writepage/mpage_readpage and maintaining keys in the inode or as extended attributes.
On Wed, Jul 10, 2013 at 10:39 PM, <[email protected]> wrote:

> On Wed, 10 Jul 2013 21:32:22 +0800, <[email protected]> said:
>
> > I wanna encrypt some data in kernel, and this encrypted data is stored
> > on disk. I should decrypt the data before the system call transmits it to user mode.
> > Then what should I do? How do I get the encrypted data?
> > I wanna intercept the write function (kernel); when this function gets
> > encrypted data I will decrypt it.
>
> This will probably not end well, as crypto is a lot harder to get right than
> it looks.
>
> What threat model are you trying to defend against with the encrypted data?
> What data are you encrypting, and who are you trying to keep it away from?
>
> The biggest problem is the secure storage and management of crypto keys.
> You're almost certainly better off using the in-kernel keyring code instead
> of trying to do this yourself. Also see the various TPM support code.
>
> And it's possible that what you *really* wanted to use is the userspace
> cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're
> trying to do.
>
> _______________________________________________
> Kernelnewbies mailing list
> [email protected]
> http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
