Matt Blaze's Software

Some software I've written is available here. (Right now, it's just CFS, but check back occasionally.)


CFS is an encrypting file system for Unix-like OSs. It uses NFS as its interface, and so is reasonably portable. The FS code dates back to 1989, and the crypto to 1992, so it is showing signs of age. This code should be regarded as completely unsupported; a complete rewrite will follow eventually.

Please don't download this code if you're in a place that's forbidden (under US or local law) to export cryptographic software from the US to, or if you're on the State Department's "Denied Persons List." If you aren't sure, ask a good lawyer.

Latest CFS distribution: Tar format (cfs.tar), Gzip'd Tar format (cfs.tar.gz), Gzip'd Tar format (cfs.tgz).

The latest version is 1.4.1, which you can get explicitly here: Tar format (cfs-1.4.1.tar), Gzip'd Tar format (cfs-1.4.1.tar.gz), Gzip'd Tar format (cfs-1.4.1.tgz).

There are two papers on CFS:

M. Blaze, "Key Management in an Encrypting File System." USENIX Summer 1994 Technical Conference, Boston, MA, June 1994. PostScript, PDF.

M. Blaze. "A Cryptographic File System for Unix." Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993. PostScript, PDF.

Click here to return to the home page.