PEFS encryption for OpenBSD

mfaridi · #1 **(View Single Post)** 30th January 2015

I find good link in bsdnow.tv about PEFS in FreeBSD
Can we have something like this in OpenBSD ?

Oko · #2 **(View Single Post)** 30th January 2015

Where is the link?

Quote:

which stands for Private Encrypted File System, is a kernel-level stacked cryptographic filesystem for FreeBSD

The answer to your question is obviously you can't use PEFS on OpenBSD. However OpenBSD cryptographic stuck is more potent IMHO than FreeBSD. On the kernel level you have softraid which can be used for the full disk encryption. OpenBSD kernel still includes vnd (vnode disk driver) which also can be used for encryption but it is obsoleted by softraid for full disk encryption. For user-land level encryption I recommend scrypt which is coincidently developed by probably the smartest person in FreeBSD camp and their former chief security officer Collin Parceval. Collin is Canadian holding PhD in mathematics (number theory) from Oxford University and he is top notch mathematician.

mfaridi · #3 **(View Single Post)** 30th January 2015

http://www.bsdnow.tv/tutorials/pefs

jggimi · #4 **(View Single Post)** 31st January 2015

In your other thread this week about disk encryption, you stated that full disk encryption ("FDE") was required. With a little bit of basic research I helped you to discover that both OpenBSD's softraid and FreeBSD's GELI used the same cryptographic primitives, though there are implementation differences and there are operational considerations when choosing between them.

Now, you are asking specifically about a less-than-FDE FreeBSD crytographic tool, and whether it can be deployed on OpenBSD. No, not without being ported.

Perhaps, if your needs have changed, or, you have a new use-case, you might possibly be interested in non-FDE disk encryption methods on OpenBSD? If so, you can use the same tools discussed in your other thread: the softraid CRYPTO discipline can be applied to a single filesystem, such as /home, as I mentioned to you in your other thread. In addition, I'd mentioned vnconfig/mount_vnd, which can create and mount virtual filesystems, and these can be encrypted. While this option cannot be used for FDE, it may be more flexible than softraid for your use-case. This is because the "backing storage" can be partitions as with softraid, but unlike softraid the backing storage can also be a file in a standard filesystem. While this isn't FreeBSD's PEFS implementation, it may have enough similarities that it meets your needs. If it doesn't, then perhaps FreeBSD with PEFS is a better fit solution for your new use-case.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Disk encryption	mfaridi	OpenBSD Security	12	2nd March 2015 08:45 PM
whole disk encryption	22decembre	OpenBSD Security	6	5th January 2015 09:23 AM
FreeBSD RFC: pefs - stacked cryptographic filesystem	Oliver_H	News	0	7th September 2010 07:17 AM
Security: Encryption: Disk Encryption	eurovive	Other BSD and UNIX/UNIX-like	17	6th March 2010 04:09 AM
softraid encryption	Sunnz	OpenBSD Security	6	24th September 2009 04:58 AM