Use of inode fields for storing encryption key of the file

I am working on inherent kernel functionality for file encryption and decryptio开发者_开发技巧n ; directory name with some predefined prefix will be automatically be encrypted. Now I am stucked to store encryption key for file securely can I use any unused field of inode for that? Will it be efficient or please suggest any other idea.

Storing the encryption key in the inode of a file which is encrypted is self-defeating - you can read this key using e.g. a disk editor and access the file content, thereby defeating encryption. You need to provide a /proc interface for that, so userspace can decide how this key is supplied (e.g. the user is prompted for a password which is hashed to obtain the encryption key).

The kernel should not write the encryption key anywhere, it should only receive it when it is written to a special /proc file. You can use another /proc file to tell the kernel the directory prefix that marks encrypted directories.

If you need to store some encryption metadata in the file (not the encryption key!), put it in a header like eCryptfs does.