676351e4c4
kernel cgd driver in an application which encrypts and decrypts files. The cgd driver is running completely in userspace and requires no special access privileges.

For example:

golem> dmesg > dmesg.txt
# write encrypted dmesg.txt to encrypted.img
golem> ./img2cgd write encrypted.img dmesg.txt
/cryptfile's passphrase:
# read encrypted.img and output decrypted contents to decrypted.txt
golem> ./img2cgd read encrypted.img decypted.txt
/cryptfile's passphrase:
golem> diff dmesg.txt decypted.txt
# but when entering a different password:
golem> ./img2cgd read encrypted.img decypted.txt
/cryptfile's passphrase:
golem> diff dmesg.txt decypted.txt
Binary files dmesg.txt and decypted.txt differ

Currently the utility writes the data length in a proprietary format, but I'll convert it to use a real disklabel RSN. Then it can be used to create cgd-encrypted disk images.

This program can later be used as a base for a utility to create cgd-encrypted images of a standard NetBSD build. Idea for such a tool and hence the inspiration for this simple example program from Roland Dowdeswell.
9 lines
171 B
Plaintext
algorithm aes-cbc;
iv-method encblkno1;
keylength 128;
verify_method none;
keygen pkcs5_pbkdf2/sha1 {
        iterations 42;
        salt AAAAgGP2NZIYEnyKYALLRmdZdZc=;
};
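An added example, not part of this commit or of NetBSD: it parses the params file above, decodes the salt, derives the key with PBKDF2-HMAC-SHA1, and reports the two settings that explain the transcript, where a wrong passphrase gives different output instead of an error. The function names, the iteration threshold and the salt layout (4-byte big-endian bit count followed by the salt bytes) are assumptions, and byte-for-byte agreement with cgdconfig's key is not claimed.

```python
import base64
import hashlib
import re

# The params file shown above, embedded so the example runs offline.
PARAMS = """\
algorithm aes-cbc;
iv-method encblkno1;
keylength 128;
verify_method none;
keygen pkcs5_pbkdf2/sha1 {
        iterations 42;
        salt AAAAgGP2NZIYEnyKYALLRmdZdZc=;
};
"""

def parse_params(text):
    """Collect 'name value;' statements; the keygen method goes under 'keygen'."""
    params = dict(re.findall(r"^\s*([\w-]+)\s+([^;{}\s]+)\s*;", text, re.M))
    params["keygen"] = re.search(r"^\s*keygen\s+(\S+)\s*\{", text, re.M).group(1)
    return params

def decode_salt(b64):
    """Assumed layout: 4-byte big-endian length in bits, then the salt itself."""
    raw = base64.b64decode(b64, validate=True)
    salt = raw[4:]
    if int.from_bytes(raw[:4], "big") != len(salt) * 8:
        raise ValueError("salt length prefix does not match payload")
    return salt

def derive_key(passphrase, params):
    if params["keygen"] != "pkcs5_pbkdf2/sha1":
        raise ValueError("only pkcs5_pbkdf2/sha1 is handled here")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), decode_salt(params["salt"]),
                               int(params["iterations"]), int(params["keylength"]) // 8)

def audit(params, min_iterations=100_000):  # threshold is an assumption, set per policy
    findings = []
    if params["verify_method"] == "none":
        findings.append("verify_method none: a wrong passphrase is not detected")
    if int(params["iterations"]) < min_iterations:
        findings.append(f"iterations {params['iterations']} is below {min_iterations}")
    return findings

if __name__ == "__main__":
    p = parse_params(PARAMS)
    for phrase in ("correct horse", "wrong horse"):  # constructed passphrases
        print(phrase, "->", derive_key(phrase, p).hex())  # both succeed silently
    print("\n".join(audit(p)))
```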