Subject: Re: seeking advice on encrypting file systems
To: VaX#n8 <vax@carolina.rr.com>
From: Greg Troxel <gdt@ir.bbn.com>
List: netbsd-users
Date: 02/05/2004 07:59:52
I use cfs from pkgsrc (blowfish and 3des) and it works ok.

CFS has lots of warts, but two key properties.  One is you can move
the ciphertext around, and back it up.  I can attach CFS cipherdirs on
different operating systems.  The second is that the ciphertext can be
anywhere, local fs, nfs, or in coda.

  2) NCryptfs - kernel level stackable file system.  Compiles on FreeBSD, I'm
  working on portage to NetBSD.  I've basically done some transformations on
  FreeBSD's nullfs and done a diff to know what I have to do on NetBSD.
  It's not clear to me if I need to include the vnops createvobject,
  destroyvobject, getwritemount, and rename, as they do not exist in
  nullfs (which is what I'm basing the templates on).  Can these
  operations even be called in NetBSD?

You could make them just error with EOPNOTSUPP and a printf and see
what happens.  I don't see createvobject/destroyvobject in 'man
vnode'.  rename sounds necessary - what happens when 'mv a b' happens
in the plaintext directory?

Good luck with TCFS; it sounds like that might be the best way
forward.  I would suggest that you first update to 1.6.1 or current
and then port it, but this is a selfish suggestion as then it's easier
for me (and many others) to benefit from your efforts.

It's also tempting to reimplement CFS with some sort of portal fs,
where the vnodeops get pushed to userspace (like coda's kernel
support).  This would enable a portable userspace implementation with
os-dependent fs hooks.

-- 
        Greg Troxel <gdt@ir.bbn.com>
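A small userland model of the stub-and-bypass pattern discussed above (stub the vnops you are unsure about so they fail loudly with EOPNOTSUPP, pass the rest through nullfs-style, and implement rename because 'mv a b' on the plaintext side must reach the ciphertext directory). This is an added example, not NetBSD, nullfs or NCryptfs code: the vnop names are the ones from the thread, while the `struct lower_fs` recorder and the `stackfs_vnop` dispatcher are assumptions standing in for the kernel's vnodeop vector and the lower filesystem.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Userland model (added example, not kernel code) of a stackable
 * filesystem's vnodeop vector.  Each entry either bypasses to the
 * lower filesystem (the nullfs pattern), is implemented in the
 * stacking layer, or is a loud stub that logs and fails with
 * EOPNOTSUPP so that any caller exercising the op shows up at once.
 */

/* Stand-in for the lower (ciphertext) filesystem: it records calls. */
struct lower_fs {
    int calls;
    char last_op[32];
    char last_from[64];
    char last_to[64];
};

typedef int (*vnop_fn)(struct lower_fs *lower, const char *op,
                       const char *from, const char *to);

static int lower_call(struct lower_fs *lower, const char *op,
                      const char *from, const char *to)
{
    lower->calls++;
    snprintf(lower->last_op, sizeof lower->last_op, "%s", op);
    snprintf(lower->last_from, sizeof lower->last_from, "%s", from ? from : "");
    snprintf(lower->last_to, sizeof lower->last_to, "%s", to ? to : "");
    return 0;
}

/* nullfs-style bypass: hand the op straight to the lower layer. */
static int vop_bypass(struct lower_fs *lower, const char *op,
                      const char *from, const char *to)
{
    return lower_call(lower, op, from, to);
}

/* Loud stub for ops that have not been ported yet. */
static int vop_unsupported(struct lower_fs *lower, const char *op,
                           const char *from, const char *to)
{
    (void)lower; (void)from; (void)to;
    printf("stackfs: vnop %s called but not implemented\n", op);
    return EOPNOTSUPP;
}

/*
 * rename must exist: 'mv a b' in the plaintext directory has to reach
 * the ciphertext directory.  A name-encrypting layer would transform
 * the component names here; this model passes them through unchanged.
 */
static int vop_rename(struct lower_fs *lower, const char *op,
                      const char *from, const char *to)
{
    if (from == NULL || to == NULL || *from == '\0' || *to == '\0')
        return EINVAL;
    return lower_call(lower, op, from, to);
}

struct vnop_entry { const char *name; vnop_fn fn; };

/* The ops from the thread; anything not listed falls to the stub. */
static const struct vnop_entry vnop_table[] = {
    { "lookup",         vop_bypass },
    { "getattr",        vop_bypass },
    { "rename",         vop_rename },
    { "createvobject",  vop_unsupported },
    { "destroyvobject", vop_unsupported },
    { "getwritemount",  vop_unsupported },
};

/* Dispatch one vnop by name; unknown ops go to the loud stub. */
int stackfs_vnop(struct lower_fs *lower, const char *op,
                 const char *from, const char *to)
{
    size_t i;
    for (i = 0; i < sizeof vnop_table / sizeof vnop_table[0]; i++)
        if (strcmp(vnop_table[i].name, op) == 0)
            return vnop_table[i].fn(lower, op, from, to);
    return vop_unsupported(lower, op, from, to);
}

int main(void)
{
    struct lower_fs lower = { 0 };
    printf("rename a b -> %d\n", stackfs_vnop(&lower, "rename", "a", "b"));
    printf("createvobject -> %d\n",
           stackfs_vnop(&lower, "createvobject", NULL, NULL));
    return 0;
}
```

Running the model shows the effect of the suggestion: rename reaches the lower layer, while createvobject prints a line and returns EOPNOTSUPP without touching it, which is exactly the signal you want when deciding whether NetBSD ever calls an op.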