Cryptographic Filesystem

Yesterday’ve been playing around with CFS in my Ubuntu. I’ve never tried a cryptographic filesystem before, altough I knew there were many flavours laying out there.

CFS has two main advantages, as far as I know:

  • It doesn’t require any special kernel patch (at least, not for Ubuntu), because it uses NFS to do loopback mounting of crypted directories.
  • It uses directly the underlying filesystem, avoiding the need of creating fs images to mount by loopback. Crypted directories and files are mapped to normal directories and files with its name and contents crypted.

The package provides some utilities:

  • cmkdir: Creates and initializes a crypted directory on the host filesystem.
  • cattach: Attaches a crypted directory, making it available (as cleartext) under /crypt/*.
  • cdetach: Dettaches a previously mounted crypted directory.

I’ve tried CFS successfully, and added it to my list of useful tools. It’s clean, easy and powerful. 🙂