Copyrigth by Lifeboat, LLC https://www.lifeboat.llc
This repo holds HDF5 Encryption VFD prototype and documentation. The code can be used for testing purposes only. Current implementation supports AES and Twofish symmetrical-key encryption from the GNU gcrypt library.
Below are instructions how to build in "place" the version of HDF5 with encryption enables. Please notice that currently key and magic number are hard coded for tools to work and for tests to pass.
See hdf5/share/hdf5_examples/c/h5ex_d_rdwr_crypt.c for how to use new APIs to enable encryption.
-
Checkout from the reporistory
git clone [email protected]:LifeboatLLC/HDF5-Encryption.git -
Change directory to build the library in place
cd HDF5-Encryption/hdf5/hdf5-1_14_3 -
Set compiler and linker flags to find
gcyrptlibraryexport CFLAGS=-I/gcrypt_install_dir/includeexport LDFLAGS=-L/gcrypt_install_dir/lib/export LIBS=-lgcryptexport LD_LIBRARY_PATH=/gcrypt_install_dir/lib/ -
Run the
autogen.shscript to createconfigurescript and several header and source files. -
Build as usual
./configuremakemake checkmake installLibrary will be installed in the
hdf5subdirectory -
Change directory to the installed examples and compile and run
h5ex_d_rdwr_crypt.cto create theh5ex_d_rdwr_crypt.h5file.cd hdf5/share/hdf5_examples/c../../../bin/h5cc h5ex_d_rdwr_crypt.c./a.out -
Use
headcommand to see encryption plaintext headerhead h5ex_d_rdwr_crypt.h5 -
Use tools to see the content and to repack the file to cleartext and back to encrypted one
../../../bin/h5dump h5ex_d_rdwr_crypt.h5../../../bin/h5repack --src-vfd-name crypt h5ex_d_rdwr_crypt.h5 h5ex_d_rdwr.h5 -
Check that
h5ex_d_rdwr.h5is cleartext now. -
Try
h5dumpon both files. The tool is smart enough to dump both ciphertext and cleartext files without specifyng the required I/O driver. -
Repack clear text file into encrypted file
../../../bin/h5repack --dst-vfd-name crypt h5ex_d_rdwr.h5 h5ex_d_rdwr_crypt_new.h5 -
Run
ls -al *.h5to see the size of the files.