13 lines
874 B
Text
13 lines
874 B
Text
CFS pushes encryption services into the UN*X file system. It supports
|
|
secure storage at the system level through a standard UN*X file system
|
|
interface to encrypted files. Users associate a cryptographic key with the
|
|
directories they wish to protect. Files in these directories (as well as
|
|
their pathname components) are transparently encrypted and decrypted with
|
|
the specified key without further user intervention; cleartext is never
|
|
stored on a disk or sent to a remote file server. CFS employs a novel
|
|
combination of DES stream and codebook cipher modes to provide high
|
|
security with good performance on a modern workstation. CFS can use any
|
|
available file system for its underlying storage without modification,
|
|
including remote file servers such as NFS. System management functions,
|
|
such as file backup, work in a normal manner and without knowledge of the
|
|
key.
|