
The Basic Key Management Scheme

This scheme allows users to generate their keys and to store them in a database in encrypted form, using the login password as the key. Thus, TCFS users need not remember their master key, only their login password. To use the BKMS, a user must be registered in the key database (typically the file /etc/tcfspwdb) by the system administrator. Use of the BKM scheme follows the phases below:
  1. The system administrator registers a user in the key database (Fig. 1) by issuing the command tcfsadduser.
  2. The user creates his master key by running the tcfsgenkey command. tcfsgenkey generates a random key, encrypts it with the user's password, and stores it in the entry of the key database associated with the user.
  3. When the user needs to access his encrypted files, he must extract his master key from the database (providing his password) and give it to the TCFS layer. This operation can be performed with the tcfsputkey command (Fig. 2).
  4. The user terminates his session by running the tcfsrmkey command which erases the key from the kernel.
Setting up a TCFS group requires the following steps:
  1. The system administrator creates a normal UNIX group, then creates a TCFS group by running the tcfsaddgroup command. This utility asks for the number of group members, the threshold, and the password and username of each member of the new TCFS group. For each member, a share is created, encrypted with the password of the respective user, and then stored in the TCFS group keys database (tcfsgpwdb).
  2. To become active, a member of a TCFS group pushes her share into the kernel. This can be accomplished by executing the command tcfsputkey with the -g switch. Note that users can access shared files only if the number of shares of the same group pushed to the kernel is greater than or equal to the group's threshold.
  3. The tcfsrmkey -g command ends the user's session.
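
The threshold rule in step 2, as an added example that is not TCFS code: the page does not name the sharing scheme, so this sketch assumes Shamir secret sharing over a prime field, and the function names, member names and field size are hypothetical. It models only the split and the threshold check, not the per-user password encryption of each share.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; field size is an assumption of this sketch


def split_key(key, members, threshold):
    """Give each member one point (x, y) of a random degree threshold-1 polynomial."""
    if not 1 <= threshold <= len(members):
        raise ValueError("threshold must be between 1 and the number of members")
    if not 0 <= key < PRIME:
        raise ValueError("key does not fit in the field")
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    for x, name in enumerate(members, start=1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % PRIME
        shares[name] = (x, y)
    return shares


def recover_key(points):
    """Lagrange interpolation at x = 0 over distinct points."""
    key = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key


def group_key_if_active(pushed, threshold):
    """Return the group key only once `threshold` distinct shares are present."""
    distinct = dict(pushed)  # a member pushing the same share twice counts once
    if len(distinct) < threshold:
        return None
    return recover_key(list(distinct.items()))


if __name__ == "__main__":
    group_key = secrets.randbits(128)  # constructed sample key
    shares = split_key(group_key, ["alice", "bob", "carol", "dave"], threshold=3)
    print(group_key_if_active([shares["alice"], shares["bob"]], 3))  # below threshold
    ok = group_key_if_active([shares["alice"], shares["carol"], shares["dave"]], 3)
    print(ok == group_key)
```

Fewer than the threshold number of shares interpolate to an unrelated field element, which is why the check counts distinct shares before reconstructing anything.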

Figure 2: A simple TCFS session [figure not reproduced]

The aim of the BKMS is to provide the user with a simple-to-use management scheme. It should not be considered very secure, because the user's master key is protected by the user's login password, which can be compromised in several ways.


The TCFS Team
2001-04-27