On Sat, 10 May 2003, Thomas Klausner wrote:

> On Thu, May 08, 2003 at 01:15:45PM +0530, Kamal R Prasad wrote:
> > you may want to try writing a cryptographic file system instead.
> > this would involve layering a filesystem over another ( and though Im not
> > sure how), some work has been done on this at UCLA.
>
> We already have cgd(4) for this in NetBSD-current.

No, cgd is a cryptographic device, not a file system. A cryptographic file
system would encrypt the data in the files, but not necessarily the meta
data. Also, a cryptographic file system could use different keys for
different users.

A file system would be more for a case where physical security isn't a
strong issue but protecting one user from another is. cgd is best for a
case where protecting one user from another isn't a big deal, but phsyical
security is.

cgd is great for your laptop in case it gets stollen. A cryptographic file
system is great for a file server that needs to protect data from
different users. Say a computing center that performes service work
(computations, simulations) for competing companies.

They both have their place.

Take care,

Bill