[OpenAFS-devel] Re: [GSoC 2010] Encrypted storage
Simon Wilkinson
sxw@inf.ed.ac.uk
Sat, 3 Apr 2010 23:19:36 +0100
On 3 Apr 2010, at 22:29, Andrew Deason wrote:
> Just my impressions below... others here can probably provide more
> authoritative answers.
Your impressions are correct. Thanks for taking the time to answer
this in detail.
> My guess is that any particular key would be used for at most a single
> volume. (That is, the key used to encrypt the data, not the user's
> keys)
My current intention is that there will be a unique (randomly
generated) key per file. Key derivation would then be used to generate
an individual key for each block within that file (where block size
remains to be determined, but my current suspicion is that it is going
to be most efficient to use 4k blocks).
As you note, the per-file key would then be encrypted with one (in the
GSoC example) or more (in a hypothetical future system) user keys, and
stored alongside the original file.
Cheers,
Simon.
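
The key hierarchy described in this message, sketched as an added example that is not part of the original post or of OpenAFS code: one random key per file, and a derived key for each 4k block of that file. The message names no KDF, so HKDF-Expand (RFC 5869) with HMAC-SHA256, the 256-bit key length, the `afs-block-key` label and all function names are assumptions made here. Encrypting the per-file key under user keys is not shown, since it needs a key-wrap or AEAD primitive from a cryptographic library.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 4096  # the 4k block size suggested in the message
KEY_LEN = 32       # assumption: 256-bit keys


def new_file_key() -> bytes:
    """Unique, randomly generated key for one file."""
    return secrets.token_bytes(KEY_LEN)


def hkdf_expand(prk: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF-Expand (RFC 5869) over HMAC-SHA256.

    The Extract step is skipped because the per-file key is already
    uniformly random, which RFC 5869 permits.
    """
    if not 0 < length <= 255 * hashlib.sha256().digest_size:
        raise ValueError("invalid output length")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def block_key(file_key: bytes, block_index: int) -> bytes:
    """Derive the key for one block of the file.

    The label and the 8-byte big-endian index encoding are hypothetical.
    """
    if block_index < 0:
        raise ValueError("block index must be non-negative")
    info = b"afs-block-key" + block_index.to_bytes(8, "big")
    return hkdf_expand(file_key, info)


def keys_for_range(file_key: bytes, offset: int, length: int) -> dict:
    """Return {block_index: key} for every block a byte range touches."""
    if offset < 0 or length <= 0:
        raise ValueError("offset must be >= 0 and length > 0")
    first = offset // BLOCK_SIZE
    last = (offset + length - 1) // BLOCK_SIZE
    return {i: block_key(file_key, i) for i in range(first, last + 1)}
```

A read or write that straddles a block boundary needs both blocks' keys, and only the per-file key has to be stored (encrypted) alongside the file because every block key can be re-derived from it.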