Re: [LI] Information on security desired...

[Swapan Sarkar <swapan@xxxxxxxxxxxxx>]

Here is a nice starting point to look for a solution to implement the
idea of Samir
http://cryptome.org/linux-drt.htm

<snippet>
So I decided to write a small overview of the different aproaches for
disk encryption. For myself I decided to use ppdd but I like ehd with
kernel loopback encryption too, because it makes using disk encription
on a system used by multiple persons very easy. Perhaps I should fiddle
with ehd to work with ppdd.
</snippet>

HTH
-swaps

Date: Tue, 12 Oct 1999 18:08:53 +0530 (IST)
From: samir agrawal <samira@xxxxxxxxxx>
Subject: Re: [LI] Information on security desired...

hi,
your problem set me thinking and thought this should not be that
difficult. I am not sure something like this exists butI am sure a file
system withthe following capabilties can be implemented rather easily.
assuming you are familiar with public key cryptography - simply stated
there are two keys, one public known to everybody and a private one only

known to you. the nice thing is that they are symmetric in the sense
that
messages encrypted with your public key can only be decrypted using your

private key only and vice versa.

so here is my idea.

1. Give every user a public and private key.

2. All data on the disk belonging to a user is encrypted using his
public
key.

3. when a user wants to access a file he will need his private key to
access it.

now there are issues related to key management, like how are sessions
and
session key managed so that the root or some other user get hold of the
key while you are using it.

I do not know of an implementation, but I think all this is very much
possible technically.

comments !

samir


--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.