<div>You may want to try encrypting/decrypting in mpage_writepage/mpage_readpage </div>
<div>and maintaining keys in inode/as extended attributes.</div>
<div> <br><br></div>
<div class="gmail_quote">On Wed, Jul 10, 2013 at 10:39 PM, <span dir="ltr">&lt;<a href="mailto:Valdis.Kletnieks@vt.edu" target="_blank">Valdis.Kletnieks@vt.edu</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
<div class="HOEnZb">
<div class="h5">On Wed, 10 Jul 2013 21:32:22 +0800, &lt;<a href="mailto:wuyaalan@gmail.com">wuyaalan@gmail.com</a>&gt; said:<br><br>> I wanna encrypt some data in kernel, and this encrypted data is stored<br>> on disk. I should decrypt data before the system call transmits it to user mode.<br>
> Then what should I do? How to get the encrypted data?<br>> I wanna intercept the write function (kernel); when this function gets<br>> encrypted data I will decrypt.<br><br></div></div>This will probably not end well, as crypto is a lot harder to get right than<br>
it looks.<br><br>What threat model are you trying to defend against with the encrypted data?<br>What data are you encrypting, and who are you trying to keep it away from?<br><br>The biggest problem is the secure storage and management of crypto keys.<br>
You're almost certainly better off using the in-kernel keyring code instead<br>of trying to do this yourself. Also see the various TPM support code.<br><br>And it's possible that what you *really* wanted to use is the userspace<br>
cryptLUKS code or TrueCrypt or similar - it's hard to tell what you're trying to do.<br><br>_______________________________________________<br>Kernelnewbies mailing list<br><a href="mailto:Kernelnewbies@kernelnewbies.org">Kernelnewbies@kernelnewbies.org</a><br>
<a href="http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" target="_blank">http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies</a><br><br></blockquote></div><br>