eCryptfs now in SF CVS; seeking advice on GnuPG integration

[Michael Halcrow]

I am attempting to implement PGP-ish functionality at the VFS layer in
the Linux kernel.  My primary goal is to make the encryption and
decryption as transparent as humanly possible to the end user.  I have
made an initial release of my prototype code to the SourceForge CVS
repository:

http://sourceforge.net/projects/ecryptfs

I have passphrase and public-key based encryption working at this
point, and I would now like to integrate eCryptfs with GnuPG
keyrings.  Specifically, I would like the ecryptfsd daemon to prompt
the user with a dialog box menu of available public keys in the user's
.gnupg/pubring.gpg file.  The user would select the public keys from
that list that he wishes to use for the file being created, and then
those keys are used to encrypt the file's session key, and so on.  Of
course, this will be in addition to pre-set public keys, based on an
.ecryptfsrc policy file at the target location (i.e., sets of key
identifiers that describe which keys will be used to encrypt the
session keys of the files written at any given location).

By the way, if anyone has any cool ideas of how to better integrate
eCryptfs with GnuPG, I'm all ears.  And if anyone has any suggestions
on making eCryptfs more secure, better performing, or more stable,
feel free to chime in.

Thanks,
Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20050406/29048489/attachment.pgp