PKI-based write only file system Kernel/FUSE/Runnable User Metaspace Program (NetBSD) Dev/VDev FS write driver FS read driver * Denies any fopen(f,”r[+]”) because file reading is meaningless without the private key.* Written blocks are encrypted using the Public Key.* Metadata is stored in plain text: files along with the corresponding blocks.* Atomic transactions (If not atomic, any record of a block recorded improperly may make that block inaccessible until the next File System Check. * Provides access to arbitrary FS blocks and metadata especially over network.* Allows queries like searches.* Allows queries of FS metadata as metadata is plain text anyway. Client FS Driver * Looks up metadata on the server, chooses the block to access and accesses it. Uses: * Making past writes inaccessible (even if there is someone who physically has access to it, only the current incoming data may be caught, not past entities.). It is not possible to decrypt the entire filesystem examining the memory as the server itself is unable to decrypt it anyway (unlike what that can be obtained from BitLocker/TrueCrypt/VeraCrypt by accessing memory by using Thunderbolt).* Serving rarely requested large files stored on untrusted endpoints as a stream. Storage is generally cheap but a trusted one isn’t.Files can be renamed and edited as usual with the client driver.Considerations: Performance of asymmetric cryptography algorithms: RSA and EC. Performance may be improved by using a hybrid method like using a random AES key and encrypting the AES key by the RSA/EC key and placing it at the header of the file or in the metadata table. Modifying large files: …File System Checks: File integrity can be checked by usual methods used by other filesystems.Block freeing cannot be done if the metadata goes corrupt as it is difficult to decide which blocks are free until the client comes up with it. This is why the metadata has to have atomic updates (like general ACID in RDBMS like PostgreSQL.). Having a journal would be helpful. Server Client Rishi KL. <ris [at]>