Encrypted file system in hosted Inferno?

92 views
Skip to first unread message

Paul Lalonde

unread,
Feb 27, 2009, 8:58:04 PM2/27/09
to acme...@googlegroups.com
I carry a USB stick with acme-sac on it, and use it as "work
anywhere" portable environment; hosted means I get to work on PCs,
Macs, whatever I keep emu around of. Sweet.

I now need to keep much of the drive contents encrypted. It would be
very useful if I could keep an entire file system tree in a hosted
file. Is there such a file server kicking around? I'm happy to use
cp within Inferno to manage host/stick file transfers.

I keep getting the impression I should be able to do something
equivalent in 10 lines of shell script, but I'm insufficiently
Inferno-savvy to figure it out.

Thanks,
Paul

Arvindh Rajesh Tamilmani

unread,
Feb 28, 2009, 12:37:17 AM2/28/09
to acme...@googlegroups.com
> I now need to keep much of the drive contents encrypted.

pipefs(4) could be used to read / write from an encrypted directory tree.
from my $home/lib/profile:

(pipefs -c -r 'crypt -d -k keyfile'
-w 'crypt -k keyfile'
/encrypted/dir /n/decrypted)

keyfile contains the key in plain text and needs protection.

> It would be very
> useful if I could keep an entire file system tree in a hosted file.  Is
> there such a file server kicking around?

kfs(4), but i have not attempted an encryption setup using this.

arvindh

Paul Lalonde

unread,
Feb 28, 2009, 12:55:30 AM2/28/09
to acme...@googlegroups.com
Pipefs doesn't quite do enough - the names of the themselves files
are sensitive.

Encrypting the kfs file would suffice, but for the hassle of
encrypting/decrypting each session.

I'll look at how bad it is to write a block-encrypting server to sit
under the kfs file.

Paul

Arvindh Rajesh Tamilmani

unread,
Feb 28, 2009, 1:58:02 AM2/28/09
to acme...@googlegroups.com
> Pipefs doesn't quite do enough - the names of the themselves files are
> sensitive.
>
> Encrypting the kfs file would suffice, but for the hassle of
> encrypting/decrypting each session.

after creating a kfs(4) file, mounting it in $home/lib/profile works for me.

mount -c {disk/kfs -n secretfs /host/kfs/file}
/n/encrypted-fs


(pipefs -c -r 'crypt -d -k keyfile'
-w 'crypt -k keyfile'

/n/encrypted-fs /n/decrypted-fs)

at the end of the profile, the file systems may need to be
unmounted / synced (disk/kfscmd -n secretfs sync).

arvindh

Paul Lalonde

unread,
Feb 28, 2009, 4:31:29 AM2/28/09
to acme...@googlegroups.com
Ah, that's very nice. It's unfortunate that it leaves the file
system data (filenames, tree) in the clear. But this is enough to
get me started.

Now for an "I feel like dunce" moment: Under acme-sac 0.31 on OS-X I
can't seem to type ^d for end-of-file, or ^c or del for break; my
habit of cat > foo causes me some consternation. What am I doing wrong?

Paul

Mechiel Lukkien

unread,
Mar 1, 2009, 12:00:43 PM3/1/09
to acme...@googlegroups.com

i had that idea too when i wrote this:

http://www.ueber.net/code/r/cryptfile

i'm still waiting for enough insight to make the shell script...
anyway, i think all info/warnings are at the url.

mjl

Reply all
Reply to author
Forward
0 new messages