[mike@halcrow.us: gnupgfs]

Florian Weimer fw at deneb.enyo.de
Sat Aug 28 16:46:54 CEST 2004


* Michael Halcrow:

> So I need to put a subset of GnuPG into my filesystem to support this.
> I have made a first pass over RFC 2440, but it would be helpful if I
> could work with one or more GnuPG developers in doing the job right
> (assuming it can be done at all; I basically need to be able to jump
> to an offset in the file and start block encryption/decryption via
> kernel crypto API scatterlists).

The OpenPGP data format doesn't really support this.  You'd have to
split your files into blocks of reasonable size.  Each block has to be
encrypted independently, with a randomly chosen IV (if you use CBC
mode).  You should change the IV and re-encrypt the complete block each
time it is updated.  I don't know of any encrypted file system
implementation which gets this right.
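
The layout described in this reply, sketched as an added example (not part of the original message, and not GnuPG or kernel code): each fixed-size block is stored as its own random IV plus CBC ciphertext, so a read can jump to any offset, and every update re-encrypts the whole touched block under a new IV. The names seal, open, WriteAt, ReadAt and demoCipher, the 4096-byte block size, the choice of AES-256 and the IV-in-front record layout are all assumptions; integrity protection is left out because the message discusses only IV handling.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

const blockSize = 4096 // plaintext bytes per block (assumed; a multiple of 16, so no padding)
var demoCipher, _ = aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key, not for real use

// seal encrypts one whole block under a fresh random IV and returns IV || ciphertext.
func seal(c cipher.Block, plain []byte) []byte {
	rec := make([]byte, aes.BlockSize+len(plain))
	if _, err := rand.Read(rec[:aes.BlockSize]); err != nil {
		panic(err) // never fall back to a predictable IV
	}
	cipher.NewCBCEncrypter(c, rec[:aes.BlockSize]).CryptBlocks(rec[aes.BlockSize:], plain)
	return rec
}

// open decrypts one record on its own; no neighbouring block is needed.
func open(c cipher.Block, rec []byte) []byte {
	plain := make([]byte, len(rec)-aes.BlockSize)
	cipher.NewCBCDecrypter(c, rec[:aes.BlockSize]).CryptBlocks(plain, rec[aes.BlockSize:])
	return plain
}

// WriteAt patches data in at a file offset, re-encrypting each touched block in full under a new IV.
func WriteAt(c cipher.Block, blocks [][]byte, off int, data []byte) {
	for ; len(data) > 0; off = (off/blockSize + 1) * blockSize {
		p := open(c, blocks[off/blockSize])
		data = data[copy(p[off%blockSize:], data):]
		blocks[off/blockSize] = seal(c, p)
	}
}

// ReadAt returns n bytes from a file offset, decrypting only the covering blocks.
func ReadAt(c cipher.Block, blocks [][]byte, off, n int) (out []byte) {
	for ; len(out) < n; off = (off/blockSize + 1) * blockSize {
		out = append(out, open(c, blocks[off/blockSize])[off%blockSize:]...)
	}
	return out[:n]
}

func main() {
	blocks := [][]byte{seal(demoCipher, make([]byte, blockSize)), seal(demoCipher, make([]byte, blockSize))}
	WriteAt(demoCipher, blocks, blockSize-3, []byte("secret")) // straddles both blocks
	println(string(ReadAt(demoCipher, blocks, blockSize-3, 6)))
}
```

The cost of this layout is 16 bytes of IV per block and a full-block rewrite for even a one-byte change.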


