[OpenAFS-devel] Re: [GSoC 2010] Encrypted storage

Andrew Deason adeason@sinenomine.net
Tue, 23 Mar 2010 12:36:13 -0500


On Tue, 23 Mar 2010 22:18:40 +0530
Sanket Agarwal <sanket@sanketagarwal.com> wrote:

> Hi Guys,
> 
> Introduction: This is Sanket Agarwal, Third Year Undergraduate Student of
> the Department of Computer Science and Engineering, Indian Institute of
> Technology, Kharagpur (India). I am an open source enthusiast as well as
> interested in theoretical computer science.

Hi!

>    - Where can I learn about the present encryption methodology used
>    in OpenAFS for packet encryption and which module shall have the
>    relevant code section? This can give me an insight about what can
>    be a good way to do Server side encryption!

The current encryption algorithm ('fcrypt') is described here:
<http://users.surfvi.com/~ota/fcrypt-paper.txt>. I think the code is in
src/rxkad/bg-fcrypt.c.

However, fcrypt is weak (slightly weaker than DES, I think). Don't use
that, unless you need to use existing encrypted traffic for something.
If you just want an example of encrypting packets in AFS, I would
suggest you look at the rxk5 (krb5-based) and/or rxgk (GSSAPI-based)
specifications instead:
/afs/umich.edu/group/itd/build/mdw/openafs/patches/rxk5-1.pdf and
<http://tools.ietf.org/html/draft-wilkinson-afs3-rxgk-00>, respectively.

The code for those mechanisms isn't in the OpenAFS source tree right
now. I'm pretty sure rxk5 source exists, though I don't have a direct
link for you; I'm sure Marcus Watts or Matt Benjamin can say where to
find it. I'm not sure how much rxgk code exists, but Simon Wilkinson is
probably the person to ask, there.

I'm not sure how helpful that is to you, since (I think) most of that
deals with authentication and encryption and how it relates to RX and
rpc-specific problems and such... but there it is.

-- 
Andrew Deason
adeason@sinenomine.net