Subject: Re: TCFS package update mistake
To: Jeremy C. Reed <reed@reedmedia.net>
From: VaX#n8 <vax@carolina.rr.com>
List: tech-pkg
Date: 05/13/2004 15:18:19
>Please point me to some documentation on how I can quickly test it after
>it is installed.

Roughly:

# modload /usr/pkg/lkm/tcfs.o
# mkdir /mnt/tcfs_exp /mnt/tcfs
# mount_tcfs /mnt/tcfs_exp /mnt/tcfs
$ tcfsputkey -k -p /mnt/tcfs # then enter a key
$ cd /mnt/tcfs
$ echo "Hello World" > first
$ cp first second
$ tcfsflag x first # that marks first as being encrypted
$ cat first # should work
$ tcfsrmkey -p /mnt/tcfs # this takes the key away
$ cat first # should fail
$ cat second # should work

For more info, see:
ftp://ftp.tcfs.it/pub/tcfs/NetBSD/2000-04-26/tcfsbsd-primer.pdf

>I'd like to have a password-protected to keep my SSH keys and other data
>for a laptop.

Okay I should warn you that the TCFS people considered this a beta,
for development use only.  I haven't used it extensively, just
enough to know that it works.  Neils Provos said he had some problems
with it.  There's one bugfix out there but I don't understand what
it is doing enough to make that change yet.  I'm committed to
finding all relevant bugfixes (perhaps from TCFS's OpenBSD port,
which is newer) and integrating them, as soon as I understand that
they're actually fixing things.

So, I'd keep a backup copy on floppy or your desktop or something,
at least until we gain confidence with it.