TCFS is designed to work in kernel space as an intermediate layer between the Virtual File System (VFS) and the storage file systems (such as EXT2FS, UFS, NFS and so on). In this way, user applications can perform all the usual file operations by means of system calls interface, without being rewritten/recompiled. Users can perform protection/encryption operations with apposite utilities which interact to the TCFS layer by the mount and ioctl system calls.
The TCFS layer only touches application data, and not file system logical structures (such as inodes, directory organization, etc.). Hence, although protected files result incomprehensible to the server's system administrator, all the disk maintenance tasks (check, backup, recovery), can be performed as usual.
TCFS has been implemented on Linux, and {Net,Open}BSD. The two versions are quite different, due to the different characteristics of the respective operating system.
All key management features (excepting pushing/removing keys) have been implemented at user level. To make easy the development of tcfs- aware application, or further key management schemes implementation, TCFS is provided of a development library that includes several functions which allow to manage every aspects of interaction among user and TCFS hiding any OS-specific implementation details.