[OpenAFS-devel] Re: [GSoC 2010] Encrypted storage

Simon Wilkinson sxw@inf.ed.ac.uk
Sat, 3 Apr 2010 23:19:36 +0100


On 3 Apr 2010, at 22:29, Andrew Deason wrote:

> Just my impressions below... others here can probably provide more
> authoritative answers.

Your impressions are correct. Thanks for taking the time to answer
this in detail.

> My guess is that any particular key would be used for at most a single
> volume. (That is, the key used to encrypt the data, not the user's
> keys)

My current intention is that there will be a unique (randomly
generated) key per file. Key derivation would then be used to generate
an individual key for each block within that file (where block size
remains to be determined, but my current suspicion is that it is going
to be most efficient to use 4k blocks).

As you note, the per-file key would then be encrypted with one (in the
GSoC example) or more (in a hypothetical future system) user keys, and
stored alongside the original file.

Cheers,

Simon.
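The key hierarchy Simon sketches above (a random key per file, a derived key per 4k block, and the file key wrapped under one or more user keys) as an added, self-contained illustration. This is not OpenAFS code or the GSoC design itself; everything below is an assumption about how such a scheme might be realised. It uses only the Python standard library: HKDF (RFC 5869) is built from HMAC-SHA256, and because the standard library ships no block cipher, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for a real AEAD such as AES-GCM. The labels, 48-byte per-block overhead and the `wrap` / `block` info strings are all illustrative choices.

```python
"""Constructed sketch of a per-file / per-block key hierarchy with a wrapped
file key. Not OpenAFS code. Stand-in primitives (HMAC-based keystream) are an
assumption made so the example runs with the standard library only."""
import hashlib
import hmac
import os
import struct

BLOCK_SIZE = 4096   # the 4k block size floated in the message
KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Extract then HKDF-Expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        out += t
        counter += 1
    return out[:length]


def key_pair(master: bytes, label: bytes) -> tuple[bytes, bytes]:
    """Derive a (encryption key, MAC key) pair from a master key and a label."""
    material = hkdf(master, b"", label, 2 * KEY_LEN)
    return material[:KEY_LEN], material[KEY_LEN:]


def block_keys(file_key: bytes, index: int) -> tuple[bytes, bytes]:
    """Per-block keys: the block index is bound into the derivation label, so
    no two blocks of a file share a key and a relocated block cannot decrypt."""
    return key_pair(file_key, b"block" + struct.pack(">Q", index))


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real cipher (assumption)."""
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
        i += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enc_key: bytes, mac_key: bytes, aad: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before touching the ciphertext."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("block authentication failed")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def new_file_key() -> bytes:
    """One fresh random key per file, as in the message."""
    return os.urandom(KEY_LEN)


def encrypt_file(file_key: bytes, data: bytes) -> list[bytes]:
    """Split into BLOCK_SIZE chunks; each chunk gets its own derived key pair."""
    blocks = []
    for idx, off in enumerate(range(0, len(data), BLOCK_SIZE)):
        ek, mk = block_keys(file_key, idx)
        blocks.append(seal(ek, mk, struct.pack(">Q", idx), data[off:off + BLOCK_SIZE]))
    return blocks


def decrypt_file(file_key: bytes, blocks: list[bytes]) -> bytes:
    return b"".join(
        unseal(*block_keys(file_key, idx), struct.pack(">Q", idx), blob)
        for idx, blob in enumerate(blocks)
    )


def wrap_file_key(user_key: bytes, file_key: bytes) -> bytes:
    """Encrypt the file key under a user's key. One such blob per authorised
    user would be stored alongside the file."""
    ek, mk = key_pair(user_key, b"wrap")
    return seal(ek, mk, b"file-key", file_key)


def unwrap_file_key(user_key: bytes, blob: bytes) -> bytes:
    ek, mk = key_pair(user_key, b"wrap")
    return unseal(ek, mk, b"file-key", blob)
```

Two properties worth checking with this layout: decrypting a file whose blocks have been reordered fails at the MAC, because each block's key and its tag are bound to its index; and a wrapped file key only opens under the user key it was wrapped with, so adding a second reader later means adding a second wrapped copy rather than re-encrypting the file. The random per-block nonce avoids the keystream reuse that would otherwise make rewriting a 4k block in place fatal with a stream construction; a real implementation should choose a mode with that failure case in mind.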