cmkdir creates directory and assigns to it cryptographic
keys for use by the Cryptographic File System (CFS). Operation is
similar to the ordinary mkdir(1) command, with the addition that
the user is prompted for a passphrase which is used to generate the
DES keys used by cfsd(8) to transparently encrypt the files. The
smartcard version of cmkdir initializes a key smartcard and
requires that a blank smartcard be inserted into the smartcard reader.
Once created, encrypted directories can be made available for use with
the cattach(1) command. Users should not ordinarily read and
write directly to directories created with cmkdir, since these
files would not be stored in encrypted form.
By default, cmkdir creates directories for two-key hybrid mode
triple DES. The -1 option specifies two-key hybrid mode single
DES; this is faster, albiet at the expense of security. Three-key
triple DES is specified with -3; directories created for
three-key triple DES cannot be read by versions of CFS earlier than
1.3.2. Other cipher algorithms may also be available,
depending on the local configuration.
Use the -o option to create directories that can be read by versions
of CFS before 1.3; directories created under this option can be read
ccat as well.
The -p ("puny") option creates directories that use much less memory
when attached under cfsd. This is useful on machines with very little
(less than, say, 8MBs with a window system and browser also running)
memory. Files in directories created under -p may reveal slightly
more about their structure than regular CFS files.
The -- option will read the key from standard input, and will not
attempt to read from /dev/tty or change the terminal modes. This is
useful for creating directories from other programs or scripts, and
should not ordinarily be used.
Three new experimental block ciphers are included in the default
distribution. The -b oprion specifies Schneiers popular "Blowfish"
algorithm. It has a 128 bit nominal keyspace and is rather fast on most
computers. Blowfish is a fairly new algorithm and has not enjoyed nearly
the analytic attention that DES has, so it is not recommended for critical
applications. The -m option specifies Blaze and Schneiers
experimental "MacGuffin" cipher. It has 32 rounds, a 64 bit codebook size
and a 128 bit nominal keyspace. Use this cipher at your own risk; it is
much weaker than its keyspace suggests, and is included only as
Another new cipher, James Masseys SAFER-SK128, is also available in
this release. Specify SAFER-SK128 with the -s option. Again,
this cipher hasnt been around nearly as long as DES, so use it at
your own risk. SAFER is a little faster than triple DES.