You are not logged in.

#1 2004-08-19 02:47:39

darose
Member
Registered: 2004-04-13
Posts: 158

[new package] cfs cryptographic file system (v1.4.1)

Nice security utility!  Lets you encrypt the data in a directory and then mount the directory unencrypted as needed.  (Or even just privately mount the directory and open a shell to it unencrypted for the length of the shell session.)  I find this app very useful.

NOTE:  can someone with sufficient permissions please fix my upload to incoming?  I messed it up.  Please do the following:
* remove cfs-1.4.1-1.tar.gz
* remove cfs-1.4.1-1b.tar.gz
* rename cfs-1.4.1-1.tar.gz[followed by a string of garbage characters] to cfs-1.4.1-1.tar.gz
Thanks!

PKGBUILD:

# CFS (Cryptographic File System)

# Contributor: David Rosenstrauch <darose@darose.net>

# Note: This PKGBUILD includes a patch from Debian
#       (http://ftp.debian.org/debian/pool/main/ … 14.diff.gz)
#       that fixes several bugs.
#
#       (The source is no longer supported upstream.)
#
#       Much gratitude to the Debian folks (particularly Gerrit Pape and Chris Leishman) for doing that heavy lifting!
#
#    And extra thanks to Gerrit for generously answering all my email questions!

pkgname=cfs
pkgver=1.4.1
pkgrel=1
debianpatchver=14
pkgdesc="Cryptographic File System.  CFS is an encrypting file system for Unix-like OSs."
url="http://www.crypto.com/software/"

license="custom"
# custom license:
#This is version 1.4 of CFS.
#
# * The author of this software is Matt Blaze.
# *              Copyright (c) 1992, 1993, 1994, 1995 by AT&T.
# * Permission to use, copy, and modify this software without fee
# * is hereby granted, provided that this entire notice is included in
# * all copies of any software which is or includes a copy or
# * modification of this software and in all copies of the supporting
# * documentation for such software.
# *
# * This software is subject to United States export controls.
# *
# * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED
# * WARRANTY.  IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY
# * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY
# * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE.

depends=(portmap nfs-utils)
source=(http://www.crypto.com/software/$pkgname-$pkgver.tar.gz
    $pkgname_$pkgver-$debianpatchver.diff arch-dir-patch.diff cfsd cfs.conf)
install=cfs.install
#md5sums=()

build() {
  cd $startdir/src/$pkgname-$pkgver

  # apply Debian patch
  patch -Np1 < $startdir/$pkgname_$pkgver-$debianpatchver.diff

  # apply patch to use Arch standard dirs
  patch -Np2 < $startdir/arch-dir-patch.diff

#  ./configure --prefix=/usr
  make cfs || return 1
  make prefix=$startdir/pkg/usr install_cfs

  install -D -m755 ../cfsd $startdir/pkg/etc/rc.d/cfsd
  install -D -m755 ../cfs.conf $startdir/pkg/etc/cfs.conf
  install -D -d $startdir/pkg/var/lib/cfs/
  install -m0 -d $startdir/pkg/var/lib/cfs/.cfsfs
  install -D -d $startdir/pkg/var/cfs/
}

Offline

#2 2004-08-20 00:22:16

darose
Member
Registered: 2004-04-13
Posts: 158

Re: [new package] cfs cryptographic file system (v1.4.1)

Just curious:  has anyone checked this out?  If so, did you find it useful?

Offline

#3 2004-08-20 01:37:03

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: [new package] cfs cryptographic file system (v1.4.1)

Why does it need portmap and nfs-utils? Is it using nfs or something? What are the advantages of this compared to dm-crypt?

Just curious...

Offline

#4 2004-08-25 02:10:27

darose
Member
Registered: 2004-04-13
Posts: 158

Re: [new package] cfs cryptographic file system (v1.4.1)

It is using NFS.

I actually don't know the advantage over dm-crypt - I've never heard of it or used it.  I'll list what I know are the pros of cfs; perhaps you can tell me if it's better or worse?

* CFS allows you to encrypt specific folders only
* CFS does not need to run in the kernel I don't think, it runs in user space
* CFS is pretty user friendly ("cmkdir" to make an encrypted dir; "cfssh" to use it)

How does that stack up to dm-crypt?

Offline

#5 2004-08-25 12:19:20

i3839
Member
Registered: 2004-02-04
Posts: 1,185

Re: [new package] cfs cryptographic file system (v1.4.1)

Dm-crypt works only on block devices, but it also works with loop devices, so you can use fs image files as wel. I never used dm-crypt, it works on top of dm, so I assume it's easy to make the file bigger when needed, only making it smaller is probably harder, depending on which fs you use. The advantage is that the filesystem structure is hidden (I assume that's not the case with cfs, as it uses nfs and is totally in user space). I think cfs is much easier to use, but that dm-crypt has less overhead and is more secure. They're just very different. What encryption cipher is cfs using? With dm-crypt you can choose between a lot.

The cfs site isn't very encouraging though:

CFS is an encrypting file system for Unix-like OSs. It uses NFS as its interface, and so is reasonably portable. The FS code dates back to 1989, and the crypto to 1992, so it is showing signs of age. This code should be regarded as completely unsupported; a complete rewrite will follow eventually.

Personally I'm waiting on Reiser4 with crypto (and compression) plugins support. Then it's a matter of doing something like "echo cryptoplugin > somedir/metas/plugins/crypto" to enable encryption on 'somedir' and "echo key > somedir/metas/key" to set the key and later get acces to that dir. I don't know the exact syntax, but it shouldn't be much harder than that.

Offline

#6 2004-08-25 15:20:33

darose
Member
Registered: 2004-04-13
Posts: 158

Re: [new package] cfs cryptographic file system (v1.4.1)

IIRC, I think that it can use DES, Triple DES, and maybe Blowfish too?

That Reiser encryption sounds nice, by the way!

DR

Offline

Board footer

Powered by FluxBB