-------------------------------------------------------------
Transparent Cryptographic File System (TCFS) for NetBSD
Author: Giuseppe Persiano [giuper@dia.unisa.it]
Giuseppe Cattaneo [cattaneo@dia.unisa.it]
Luigi Catuogno [luicat@tcfs.dia.unisa.it]
Aniello Del Sorbo [anidel@tcfs.dia.unisa.it]
references: http://tcfs.dia.unisa.it
tcfs-bsd@tcfs.unisa.it
-------------------------------------------------------------
OVERVIEWING TCFS SUPPORT UTILITY
--------------------------------
Interaction between user and the kernel part of TCFS is
provided by updating the tcfs mount point. This interaction
consists in put/remove key operations.
In order to make these operation easier, some support utilities
have been designed. We have commands to put and remove users
and/or group keys for any TCFS filesystem (tcfsputkey,
tcfsrmkey), a command that manages cryptographic attributes,
and a set of utility that manages a database of key (tcfsadduser,
tcfsaddgroup, tcfsrmuser, tcfsrmgroup, tcfsgenkey).
A utility to execute any user program giving it a per-process
key, is also provided (tcfsrun).
The TCFS utilities are placed into the /usr/tcfs/bin and /usr/tcfs/sbin
directories. A development library and some include files are
placed in /usr/tcfs/lib and /usr/tcfs/include, but are yet
undocumented.
The file /usr/tcfs/etc/tcfstab contains a filesystem_label - mountpoint
mapping. This file must contain at least the definition of the label
default. All TCFS utilities require the target tcfs filesystem. The
user can specify a label instead of the path of the mount point. If
The user does not indicate any filesystem, default filesystem is
assumed as target.
TCFS users can provide their keys by hand. Otherwise, it is possible
to generate a "good" key, and store it scrambled in a key database.
Keys are encrypted using the user password and stored in the
/usr/tcfs/etc/tcfspwdb and /usr/tcfs/etc/tcfsgpwdb files (GDBM format
databases). Thus, TCFS users must not remember their encryption
key, but can use a randomly generated key just giving their password
to the tcfsputkey command. To do this, each user, must be added to
the tcfspwdb database by the system administrator.
Example:
1) User ciccio pushes a "hand made" key
ciccio$ tcfsputkey -k -p /mnt/tcfs
Insert tcfs-key:
This can be very cumbersome. We provide the following
alternative key management scheme.
2) System administrator registers ciccio as a TCFS user
# tcfsadduser -l ciccio
then ciccio asks the generation of his key
ciccio$ tcfsgenkey
password:
please press 10 keys:
Each time, ciccio want use his default key, he must
just run
ciccio$ tcfsputkey -p /mnt/tcfs
ciccio's default key is passed to TCFS
The file groups provide a description of the of the
group-shared keys file protection.
USER/GROUP KEY MANAGEMENT
-------------------------
- tcfsputkey/tcfsrmkey
tcfskey puts the user key into the target filesystem's key
table. The key can be taken either from the key database
/usr/tcfs/etc/tcfspwb database or from standard input. By
default the user's key pushed into the kernel is taken from
the key database.
tcfsrmkey removes the user key.
synopsis:
tcfsputkey [-k][-f filesystem-label | -p mount-point]
tcfsputkey [-g group][-f filesystem-label | -p mount-point]
tcfsrmkey [-g group][-f filesystem-label | -p mount-point]
options:
-k user will be asked for a key that is put
into the key table of the target filesystem. By default
tcfsputkey search for an user's entry into the key
database. The -k option can not be used with -g.
-f indicates the label (defined in /usr/tcfs/etc/tcfstab) of
the target filesystem. It can not be used with -p
-p indicates the path of the mount-point of the target
filesystem. If neither -k or -p are provided on the
line command, tcfsputkey assumes the default label
as target
-g pushes the user's <group> part of key into the
group key table of the target filesystem
- tcfsgenkey
Generates a random key and saves it into the entry of
the TCFS key database relative to the user.
synopsis:
tcfsgenkey
- tcfsflag
Toggles/read tcfs file/directory attributes.
synopsis:
tcfsflag {x|g|r} file
x option set/unset the user/process tcfs flag to <file>
g option set/unset the group tcfs flag to <file>
r reads tcfs attributes of <file>
- tcfsrun
Creates a process, give him a tcfs process key, and
let it to execute the given command line.
synopsis:
tcfsrun [-k][-p mount-point | -f filesystem-label] command [args...]
-k user will be asked for a key. If this flag is not given,
tcfsrun searches for a user's key into the key
database.
-f indicates the label (defined in /usr/tcfs/etc/tcfstab) of
the target filesystem. It can not be used with -p
-p indicates the path of the mount-point of the target
filesystem. If neither -k or -p are provided on the
line command, tcfsrun assumes the default label
as target
- tcfsadduser/tcfsrmuser
The administrator can add an entry into the tcfs key
database by running tcfsadduser. Then users can generate
their key by running tcfsgenkey.
The tcfsrmuser command, removes an user entry from the
tcfs-key database.
synopsis:
tcfsadduser [-l user]
tcfsrmuser [-l user]
-l specifies the user whose entry is being created/removed on
the command line.
- tcfsaddgroup/tcfsrmgroup
The administrator can add an entry into the group tcfs-key
database by running tcfsaddgroup.
The program asks the administrator these informations:
- The group-id of the target group.
- The number of components of the group.
- The threshold (the minimum number of user's parts of key
needed by the kernel to enable the group shared key).
- The user-id of each component.
Tcfsaddgroup generates the group shared key and all user's
parts.
The tcfsrmgroup command, removes all database entries
relative to the given group-id.
synopsis:
tcfsaddgroup [-g group]
tcfsrmgroup [-g group]
-g specifies the group whose entry is being created/removed on
the command line.