Crypted File System (cfs) & Encrypted Session Manager (esm) available
---------------------------------------------------------------------

Matt Blaze's Crypted File System cfs-1.3.3 with Blowfish algorithm 
and Encrypted Session Manager esm-1.0.2 
are now available as binary and source rpms at: 
	
	ftp.hacktic.nl/pub/replay/pub/incoming/cfs-1.3.3bf-1*.rpm
should go later to:
	ftp.hacktic.nl/pub/replay/pub/crypto/CRYPTOapps/cfs-1.3.3bf-1*.rpm



from the cfs manual:

[...]
CFS pushes encryption services into the Unix(tm) file system.  It
supports secure storage at the system level through a standard Unix
file system interface to encrypted files.  Users associate a
cryptographic key with the directories they wish to protect.  Files in
these directories (as well as their pathname components) are
transparently encrypted and decrypted with the specified key without
further user intervention; clear text is never stored on a disk or sent
to a remote file server.  CFS employs a novel combination of DES
stream and codebook cipher modes to provide high security with good
performance on a modern workstation.  CFS can use any available file
system for its underlying storage without modification, including
remote file servers such as NFS.  System management functions, such as
file backup, work in a normal manner and without knowledge of the key.
[...]
CFS runs entirely at user level, as a local NFS server running on the
client machine's "loop back" interface. 
[...end cfs manual]


from README.esm:

[...]
ESM is an encrypted session layer for managing remote encrypted
sessions.  It does 1024 bit DH key exchange (from RSAREF)
and 3-des in 8bit cfb mode for the traffic encryption.  See the
man page (esm.1 in this distribution).
[...]
In most applications, an encrypting Telnet is a better choice (and
network-layer encryption better still).  ESM's main purpose is providing
end-to-end encryption across a firewall.  It also requires no "system
support" to install, which is both an advantage and a disadvantage.
[...end README.esm]



If you don't trust me, go and check the sources. 


PS:   cfs will install a file named /usr/bin/ssh and /usr/man/man1/ssh.1. 
      If you have installed secure shell (=ssh) in /usr/bin/ be sure to 
      rename it before the install of cfs-1.3.3 to avoid overwriting. 


PPS:  cfs-1.3.3 is "export restricted" because some people think it is 
      explosive like ammunition. So be a nice guy, support the crypto 
      industry outside the US and don't export this stuff from US/Canada 
      to the rest of the world. If you live in a country like France 
      or China, you wont have the freedom at all to use cfs or esm. 


 
Regards from 

hal@darkstar.frop.org 
(You knew it since Linux 0.9x. This site is real. ;)



-------------------------------------------------------------------------
"LAWFUL USE OF ENCRYPTION.-It shall be lawful for any person 
within any State of the United States... to use any encryption, 
regardless of encryption algorithm selected, encryption key 
length chosen, or implementation technique or medium used...
except as provided in this Act... or in any other law."

-- Senate Bill S.1587 - The Encrypted Communications Privacy Act
introduced 5 March 1996 by Sen. Leahy (D-VT) and Rep. Goodlatte (R-VA)
details & analysis available from Electronic Privacy Information Center
and Voters Telecommunications Watch.
-------------------------------------------------------------------------