man cattach (Commandes) - attach encrypted directory to CFS
NAME
cattach - attach encrypted directory to CFS
SYNOPSIS
cattach [ -l ] [ -- ] [ -t minutes] [ -i minutes] directory name
DESCRIPTION
cattach associates the encrypted directory (previously created with cmkdir(1)) with the specified name. cattach prompts for a passphrase, which is used to generate cryptographic keys sent to the cfs daemon cfsd(8) and used to transparently encrypt and decrypt the files as needed. If the correct passphrase is given (as verified by a known-plaintext hash file in the encrypted directory), the user may thereafter access the cleartext of the files in a virtual directory called name under the CFS mount point (usually /crypt). Otherwise, no virtual directory is created. The underlying directory may be specified either as an absolute path or relative to the current directory.
If no name is specified, the last path component of directory is used as a default.
If the -l ("lower security mode") option is given, newly created identical files will encrypt to identical ciphertexts. Otherwise, the creation time plus the original inode number of the encrypted file is used to perturb each file, frustrating certain cryptanalytic attacks. Under highly concurrent operation with multiple instances of the same encrypted directory, however, lower security mode may be required to avoid some race conditions. This mode also makes recovery (from backups) of individual encrypted files a bit simpler.
Note that attached virtual directories may be used only by users whose UID is the same as the issuer of the cattach command.
Ordinarily, the names of all currently attached directories can be obtained by listing the contents of /crypt (e.g., with ls(1)). If the specified name begins with a '.' (dot), however, cfsd will not include the name in directory listings. By using a hard-to-guess name, this mechanism can be used to provide some protection against attackers who can spoof the UID on the client machine. See the ssh(1) command for an example of this usage.
The -t option causes the attach to automatically go away after the specified number of minutes. The -i option deletes the attach after a specified number of minutes of inactivity. Note that these options, if used, should be chosen with some care; too short timeouts may actually increase the risk of compromise of frequently re-typed passphrases.
cattach will normally attempt to read the passphrase from the tty device (/dev/tty) and will not echo. The -- options forces cattach to read from stdin.
Virtual directories should be removed with the cdetach(1) command when no longer in use.
EXAMPLES
- cattach /u/mab/secrets mab
- associates encrypted directory "/u/mab/secrets" with the cleartext name "mab". Creates virtual directory "/crypt/mab".
- cattach /u/mab/secrets .123xyzzy
- associates encrypted directory "/u/mab/secrets" with the cleartext name ".123xyzzy". The cleartext name will not appear in a listing of /crypt.
- cattach -l secrets mab
- associates the encrypted directory "secrets" in the current directory with the cleartext name "mab". Identical files will encrypt to the same ciphertext.
FILES
- /crypt/*
- currently attached cleartext instances
SEE ALSO
BUGS
Really, really slow machines can time out on the RPC before cfsd is finished processing the attach command, especially when 3-DES is used. Such machines should probably be considered too slow to be running an encrypted file system anyway.
You can't attach an already encrypted directory, lest the single-threaded cfsd find itself in a deadlock.
There really should be a better security mechanism than the UID to protect against spoofing currently attached directories. The .name hack is an ugly kludge. In particular, it would be better to limit access to the process group of the user who issued the cattach command. Unfortunately, that information is not passed to cfsd.
The timeout isn't perfect, and may occur a minute or two later than expected.
AUTHOR
Matt Blaze; for information on cfs, email to cfs@research.att.com.