资源说明:AEFS, a cryptographic filesystem for Linux
þtitle AEFS Read Me þif text þh= Table of Contents þtoc þendif þh1 Introduction AEFS is a cryptographic file system for OS/2 and Unix-like operating systems. It allows transparent access to encrypted files stored on any file system -- it's not necessary to dedicate disk partitions. Several block ciphers are currently supported (Rijndael and Twofish). Extended attributes are supported under OS/2. þh2 Changes in version 0.2.1 This is a bugfix release. The following bugs were fixed: þitemize þitem A bug was fixed in the treatment of paths relative to the current directory (except the root directory) of the form þtt{X/filename}, where þtt{X} is a one-character file name. Such paths would incorrectly refer to the current directory. For example, þtt{touch X/bla} would create a file called þtt{bla} in the current directory instead of in þtt{X}. Thanks go to Max Alekseyev for discovering this bug. þitem Various fixes in the NFS server, which now seems to be reasonably stable. þitem AEFS now works properly on systems that don't support growing truncates (e.g., Linux on some file systems). Because of this the csAllocated field has been removed from the on-disk file info structure. The csAllocated field wasn't actually used by the file system anyway, but you may receive minor warnings (complaining about an inconsistency between the csAllocated field and the actual allocation of a file) when you run an older version of þtt{aefsck} against a file system created or modified by the current version of AEFS. þenditemize Furthermore, there is a new utility þtt{aefsutil} that allows access to unmounted file systems (i.e., list directories, extract files, etc.). þh2 Changes in version 0.2 There are a few improvements: þitemize þitem AEFS now works under other (read: Unix-like) operating systems as well. I've implemented an NFS server frontend to AEFS, so in principle any system that can mount NFS file systems can mount an AEFS file system. It has been tested on Linux and IRIX, and it at least compiles on FreeBSD and Solaris. þitem Autoconf configuration. þitem Utilities like þtt{aefsck} should produce better error messages in case of a low-level (corefs) error. þitem Rijndael is the default cipher (instead of Twofish) now that it has been selected as the AES. þitem Syslog support. The OS/2 daemon now logs to syslog instead of to a file. þitem Performance improvements in the OS/2 daemon with regard to directory handling. þitem Rijndael and Twofish now work on big-endian systems. þitem Storage files are now locked when they are being accessed. Notably, the superblock is locked for the entire time that the file system is being used. This prevents e.g. þtt{aefsck} from messing with a file system that is currently mounted. þenditemize I fixed the following bugs: þitemize þitem The FSD didn't correctly deal with interrupted client processes. If a process waiting for the FSD to complete a request would receive a signal (e.g. break or kill), then the daemon might corrupt the next request or even crash. þitem Seeks relative to the end of the file didn't work properly because the FS_WRITE operation forgot to update the size field of the kernel's sffsi data structure. This caused e.g. gnutar to fail. þitem Setting file info on an open file (DosSetFileInfo) would reset the file position to 0. þenditemize þh2 Requirements This software requires the EMX runtime. It can be downloaded from: þtt{ftp://ftp.leo.org/pub/comp/os/os2/leo/gnu/emx+gcc/emxrt.zip}. þh2 Installation Unzip the zip-file to any place on your hard disk. You only need the files in the þtt{bin} subdirectory; all other files are source code and may be deleted. Then add the following lines to þtt{CONFIG.SYS}: þexample IFS=\stubfsd.ifs AEFS RUN= \aefsdmn.exe þendexample where þsy{ } is the path of the þtt{bin} subdirectory. The first line loads the FSD (file system driver), which is really a stub that passes requests to the daemon, which is started in the second line and does the real work. You may also want to add þsy{ } to the PATH environment variable, but that's merely a convenience. After making these changes, reboot the system. þh2 Overview To create an AEFS volume using the default block cipher algorithm (Rijndael, with a 128-bit key size), type þexample mkaefs þendexample which will create a volume in þsy{ } (that is, the ciphertext will be stored in þsy{ }). It will ask you to (twice) enter the encryption key to be used for this volume. Don't forget the key! The key should be sufficiently hard to guess and may be of any length. (The key you enter is not actually the encryption key: it is hashed using SHA-1 into a key with the length expected by the block cipher). For example, þexample mkaefs c:\crypto þendexample will make a volume in þtt{c:\crypto}. To access the volume, you must attach (`mount') it to a drive letter. This can be done by typing þexample mntaefs : þendexample The program will then ask you to enter the encryption key. For example, þexample mntaefs x: c:\crypto þendexample will attach the volume created in the previous example to the drive letter X. You can now access the encrypted data in þtt{c:\crypto} through drive X. Any data you write to or read from drive X will be encrypted and decrypted transparently by AEFS. When you are done using the encrypted volume, you can type þexample umntaefs : þendexample to detach it. þh1 Command reference All programs use the GNU getopt syntax. They all support the following options: þdescription þitem þsy{--help} Print help and exit. þitem þsy{--version} Print version information and exit þenddescription For all programs that allow you to enter a key, you may set the environment variable þtt{AEFS_ECHO} to þtt{1} to have them echo the key you type to the screen; otherwise, user input it is not echoed. Also, for programs that allow you to enter a key, you may use the environment variable þtt{AEFS_PASSPHRASE} to pass the key non-interactively. This is safer than using the þsy{--key} option. þh2 mkaefs The þtt{mkaefs} program creates an AEFS file system. The syntax is: þsy{mkaefs
本源码包内暂不包含可直接显示的源代码文件,请下载源码包。