security/cfs - The NetBSD Packages Collection

Encrypting file system, using NFS as its interface

CFS pushes encryption services into the UN*X file system.  It
supports secure storage at the system level through a standard UN*X
file system interface to encrypted files.  Users associate a
cryptographic key with the directories they wish to protect.  Files
in these directories (as well as their pathname components) are
transparently encrypted and decrypted with the specified key without
further user intervention; cleartext is never stored on a  disk or
sent to a remote file server.  CFS employs a novel combination of
DES stream and codebook cipher modes to provide high security with
good performance on a modern workstation.  CFS can use any available
file system for its underlying storage without modification,
including remote file servers such as NFS.  System management
functions, such as file backup, work in a normal manner and without
knowledge of the key.

This is a continuation fork which does not currently intend to make
substantial changes, but is buildable on modern systems.

Build dependencies

pkgtools/mktools pkgtools/cwrappers

Runtime dependencies


Binary packages

NetBSD 10.0aarch64cfs-1.5.0b.tgz
NetBSD 10.0earmv6hfcfs-1.5.0b.tgz
NetBSD 10.0earmv7hfcfs-1.5.0b.tgz
NetBSD 10.0x86_64cfs-1.5.0b.tgz
NetBSD 9.0aarch64cfs-1.5.0b.tgz
NetBSD 9.0earmv6hfcfs-1.5.0b.tgz
NetBSD 9.0earmv7hfcfs-1.5.0b.tgz

Binary packages can be installed with the high-level tool pkgin (which can be installed with pkg_add) or pkg_add(1) (installed by default). The NetBSD packages collection is also designed to permit easy installation from source.

Available build options


Known vulnerabilities

The pkg_admin audit command locates any installed package which has been mentioned in security advisories as having vulnerabilities.

Please note the vulnerabilities database might not be fully accurate, and not every bug is exploitable with every configuration.

Problem reports, updates or suggestions for this package should be reported with send-pr.