projects techreports press lab location staff
citi top.2 top.3
citi mid.3
bot.1 bot.2 bot.3
star

Projects : Smart Cards : SC-CFS

Smartcard Secured Cryptographic File System (SC-CFS)

Description

This integrates smartcards into Matt Blaze's Cryptographic File System. The user's master key is stored in a smartcard. The smartcard generates a per-file encryption key.

SC-CFS was tested on OpenBSD and Linux. Supported card is Schlumberger's Cyberflex Access.

Download

SC-CFS is based on CFS-1.3.3. CFS developers allow distribution of modified code, so this package include the CFS code as well.

Dependencies

Installation

  • (If you are in CITI, all the software is in /afs/citi.umich.edu/projects/smartcards/src/sc-cfs/i386_obsd27 or /afs/citi.umich.edu/projects/smartcards/src/sc-cfs/i386_linux2 . So you can skip this section.)
  • Install the sc7816 library in /usr/local/lib
  • Compilation - Linux 2
    1. uncomment Linux part of Makefile
    2. remove -traditional
    3. make cfs. this will fail somewhere.
    4. in nfsproto_svr.c and admproto_svr.c, change
      bool_t (*xdr_argument)(), (*xdr_result)();
      to
      bool_t (*_xdr_argument)(), (*_xdr_result)();
    5. then make cfs again.
  • Compilation - OpenBSD 2.7
    1. uncomment OpenBSD part of Makefile
    2. make admproto_clnt.c
    3. make sure to include this line in make_with_bad_rpcgen
      -Dadmproc_verify_2_svc=admproc_verify_2 \
    4. sh make_with_bad_rpcgen cfs
  • Compilation - Solaris 2
    1. uncomment Solaris 2.3 part of Makefile
    2. make cfs

Usage

  • mkdir /null
  • chmod 0 /null
  • mkdir /crypt
  • add
    /null localhost
    in /etc/exports.
  • Starting SC-CFS - Linux 2
    1. /usr/sbin/rpc.mountd
    2. cfsd
    3. mount -o port=3049,intr,rsize=16384,wsize=16384 localhost:/null /crypt
    4. cattach
  • Starting SC-CFS - OpenBSD 2.7
    1. compile kernel with NFSCLIENT and NFSSERVER
    2. run portmapper
    3. run mountd
    4. run cfsd
    5. mount -o port=3049,nfsv2,intr localhost:/null /crypt
    6. cattach
  • Use UNIX filesystem commands to access files in a smartcard. In addition, use the following SC-CFS specific commands.
    • cmkdir -S port_num dir to create SC-CFS protected directory.

Comments, etc

Send them to smartcards@umich.edu
blank.space
b.star projects | techreports | press | lab | location | staff Email address
or call +1 734 763 2929
Copyright © 1996-2013
The Regents of the University of Michigan
bottom.line
citi