[AFS3-std] Re: RFE: Support for client-side content encryption in AFS

[David Howells]

Eric Biggers <ebiggers@kernel.org> wrote:

> First, CephFS already supports fscrypt.  Have you looked at how it works=
 and
> solves some of these issues?

Yes.  I've been looking into it very deeply:

https://web.git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/=
log/?h=3Dceph-iter

I'm not sure which issues you're referring to specifically that you think =
ceph
might have a usable solution, but note that Ceph has the ability to store
extra data, such as the "sparse map" that AFS doesn't have, unfortunately.
It's not easy to extend AFS because the volume transfer protocol/backup
protocol would need to change.

And with regard to filename encryption, the traditional AFS directory form=
at
has a limit on the maximum directory size, so increasing the size of filen=
ames
by a third would be a problem.

> Second, per-block keys would be really inefficient and are unnecessary. =
 The
> way that fscrypt works is that the keys are (usually) per-file, and with=
in
> each file each block has a different IV (initialization vector).  That i=
s
> sufficient to make each block be encrypted differently.

Okay.  Sounds good.

David