Friday, December 25, 2009

ecryptfs - some thoughts on network device appliance usage

There are many cryptographic file systems for Linux, but 'ecryptfs' is the one merged into the mainline kernel at kernel.org, and almost all distributions support it today. Due to this, my belief is that many appliance vendors are using this file system to store their files encrypted.

Network appliances such as WAN optimization devices, which need to store confidential information in a secure form, can use this file system to keep their files encrypted on disk.

Multiple utilities are provided to configure the file system with different security parameters. It supports X.509 certificates (RSA) for encrypting and decrypting the encryption key of each file written to this file system. ecryptfs is really a stacked (wrapper) file system on top of an existing file system such as ext2 or ext3. You can have multiple ecryptfs file systems on one existing file system: create a directory and mount it as 'ecryptfs', and any file written into that directory is stored encrypted. You can get the ecryptfs utilities here.

It appears from the source code that each file written into the crypto file system can have its own encryption key. It makes use of the keyring facility provided by the Linux kernel to store the keying material.

How can crypto file systems be used by appliances? Appliances, unlike typical users' machines, are not attended all the time. They are expected to be up all the time, and they are expected to restart themselves in case of any failure.

When 'ecryptfs' is started, it expects to be provided with key information such as the RSA private key. To ensure that this private key is not visible to a thief if, say, a laptop is stolen, the private key is normally encrypted with a passphrase. This passphrase is a secret which the user is expected to enter when the laptop is powered up. Having the user provide the passphrase works fine for laptops, but not for appliances, which are not monitored. If no passphrase is used, the RSA private key is in the clear; if the appliance is stolen, the private key can be read, and therefore the complete file system. I guess the basic purpose of an encrypted file system is lost. So the RSA private key should not be stored on the appliance itself. I suggest keeping the RSA key pair on an external (but physically protected) machine and mounting it on the local machine. Since the RSA key pair is not on the appliance, the information is secure even if the appliance is stolen.
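The two points above (mounting a directory as 'ecryptfs', and refusing to run with a private key that sits unprotected on the appliance's own disk) can be put together in a small startup script. This is an added example, not code from the post or from the ecryptfs project. It assumes the mount.ecryptfs helper from ecryptfs-utils and its "openssl" key-module option syntax (key=openssl:keyfile=...,openssl_passwd_file=...); all paths are constructed placeholders, and the "external" check simply tests that the key file lives on a different file system than a reference path (by default the root file system), which is what a key mounted from another machine looks like locally.

```shell
#!/bin/sh
# Added example (not from the original post): mount an ecryptfs directory on an
# unattended appliance, refusing to start unless the RSA private key is both
# passphrase-protected and located off the appliance's own disk.
# Assumptions: mount.ecryptfs from ecryptfs-utils with the "openssl" key module;
# GNU stat (-c %d). Paths below are constructed placeholders.
set -e

# Build the -o option string: RSA-wrapped file keys via the openssl key module,
# AES-128 for file contents, and no plaintext passthrough so data that bypassed
# ecryptfs cannot be read back through the mount.
build_mount_opts() {
    keyfile=$1
    passfile=$2
    printf '%s' "key=openssl:keyfile=${keyfile},openssl_passwd_file=${passfile},ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_passthrough=n"
}

# Succeed only if the PEM private key is passphrase-protected: either the legacy
# "Proc-Type: 4,ENCRYPTED" header or a PKCS#8 "ENCRYPTED PRIVATE KEY" banner.
key_is_encrypted() {
    grep -Eq 'Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Succeed only if the key file is on a different file system than the reference
# path (default: the appliance root), i.e. on the externally mounted key share.
key_is_external() {
    keyfile=$1
    ref=${2:-/}
    [ "$(stat -c %d "$keyfile")" != "$(stat -c %d "$ref")" ]
}

# Stack ecryptfs over $lower at $upper, after both key checks pass. The
# passphrase file is expected on the same external share as the key, so the
# appliance disk itself holds no secret.
mount_ecryptfs_dir() {
    lower=$1
    upper=$2
    keyfile=$3
    passfile=$4
    if ! key_is_encrypted "$keyfile"; then
        echo "refusing to mount: $keyfile is not passphrase-protected" >&2
        return 1
    fi
    if ! key_is_external "$keyfile"; then
        echo "refusing to mount: $keyfile is stored on the appliance's own disk" >&2
        return 1
    fi
    mkdir -p "$lower" "$upper"
    mount -t ecryptfs "$lower" "$upper" -o "$(build_mount_opts "$keyfile" "$passfile")"
}

# Usage (placeholder paths, run as root at appliance start-up):
#   sh appliance-ecryptfs.sh mount /srv/.secret /srv/secret \
#       /mnt/keyserver/appliance.pem /mnt/keyserver/appliance.pass
case "${1:-}" in
    mount) mount_ecryptfs_dir "$2" "$3" "$4" "$5" ;;
esac
```

If the external key share is unavailable at boot, the mount simply does not happen and nothing confidential is exposed, which is the failure mode you want for an unattended device; a watchdog can retry once the share comes back.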

Usage of 'ecryptfs' can be found here: http://maketecheasier.com/create-a-private-encrypted-folder-on-ubuntu-hardy-with-ecryptfs/2008/09/25
