Although cryptographic techniques are playing an increasingly important role in modern computing system security, user-level tools for encrypting file data are cumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file system itself. CFS supports secure storage at the system level through a standard Unix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server. CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. This paper describes the design and implementation of CFS under Unix. Encryption techniques for file system-level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.