Smartcard Secured Cryptographic File System (SC-CFS)
Description
This integrates smartcards into Matt Blaze's Cryptographic File
System. The user's master key is stored in a smartcard. The
smartcard generates a per-file encryption key.
SC-CFS was tested on OpenBSD and Linux. The supported
card is Schlumberger's Cyberflex Access.
Download
SC-CFS is based on
CFS-1.3.3.
The CFS developers allow distribution of
modified code, so this package includes the CFS code as well.
Dependencies
Installation
- (If you are in CITI, all the software is in
/afs/citi.umich.edu/projects/smartcards/src/sc-cfs/i386_obsd27
or
/afs/citi.umich.edu/projects/smartcards/src/sc-cfs/i386_linux2,
so you can skip this section.)
- Install the sc7816 library in /usr/local/lib
- Compilation - Linux 2
- uncomment Linux part of Makefile
- remove -traditional
- make cfs. This will fail somewhere.
- in nfsproto_svr.c and admproto_svr.c, change
bool_t (*xdr_argument)(), (*xdr_result)();
to
bool_t (*_xdr_argument)(), (*_xdr_result)();
- then make cfs again.
- Compilation - OpenBSD 2.7
- uncomment OpenBSD part of Makefile
- make admproto_clnt.c
- make sure to include this line in make_with_bad_rpcgen
-Dadmproc_verify_2_svc=admproc_verify_2 \
- sh make_with_bad_rpcgen cfs
- Compilation - Solaris 2
- uncomment Solaris 2.3 part of Makefile
- make cfs
Usage
- mkdir /null
- chmod 0 /null
- mkdir /crypt
- add
/null localhost
in /etc/exports.
- Starting SC-CFS - Linux 2
- /usr/sbin/rpc.mountd
- cfsd
- mount -o port=3049,intr,rsize=16384,wsize=16384 localhost:/null /crypt
- cattach
- Starting SC-CFS - OpenBSD 2.7
- compile kernel with NFSCLIENT and NFSSERVER
- run portmapper
- run mountd
- run cfsd
- mount -o port=3049,nfsv2,intr localhost:/null /crypt
- cattach
- Use UNIX filesystem commands to access files in a smartcard. In
addition, use the following SC-CFS specific commands.
- cmkdir -S port_num dir to create an SC-CFS protected directory.
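A preflight check for the setup steps under Usage, as an added example that is not part of the SC-CFS distribution: it verifies that the bootstrap directory has mode 0, that the mount point exists, and that the exports file lists the bootstrap directory for localhost only. The function names are made up for this example; treating any host other than localhost as a problem is an assumption based on the "/null localhost" line above.

```shell
#!/bin/sh
# Added example: preflight checks for the SC-CFS setup steps (not project code).
# Paths are parameters so the checks can be tried on a scratch tree.

# Succeeds if $1 is a directory with mode 0 (the result of "chmod 0 /null").
check_bootstrap_dir() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "d---------" ]
}

# Inspects exports file $1 for directory $2. Returns 0 if exported to
# localhost only, 1 if not exported to localhost, 2 if any other host is listed.
check_export() {
    awk -v dir="$2" '
        $1 == dir {
            for (i = 2; i <= NF; i++) {
                host = $i
                if (host ~ /^-/) continue   # assumption: BSD-style option flag
                sub(/\(.*/, "", host)       # drop "(options)" if present
                if (host == "localhost") loc = 1; else oth = 1
            }
        }
        END { exit (oth ? 2 : (loc ? 0 : 1)) }
    ' "$1"
}

# Runs all checks, prints one line per problem, returns the number of problems.
sc_cfs_preflight() {
    exports=$1; bootstrap=$2; mountpoint=$3; problems=0
    check_bootstrap_dir "$bootstrap" || {
        echo "$bootstrap: must be a directory with mode 0"
        problems=$((problems + 1)); }
    [ -d "$mountpoint" ] || {
        echo "$mountpoint: mount point directory is missing"
        problems=$((problems + 1)); }
    rc=0; check_export "$exports" "$bootstrap" || rc=$?
    case $rc in
        0) ;;
        1) echo "$exports: no '$bootstrap localhost' entry"
           problems=$((problems + 1)) ;;
        *) echo "$exports: $bootstrap is exported beyond localhost"
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}
```

Run `sc_cfs_preflight /etc/exports /null /crypt` before starting cfsd; a non-zero return value is the number of problems found.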
Comments, etc
Send them to
smartcards@umich.edu