Isn't it time for the encrypted file system???
Josh Bressers
bressers at redhat.com
Sun Mar 26 02:06:40 UTC 2006
> >
> > Is there any chance that we can come up with something that doesn't
> > require something that's block-level and requires repartitioning? The
> > migration path pretty much sucks if we don't try for something else.
>
> I think Jeremy's point about using block level encryption on real disks
> for anything but removable / hotplugable devices makes sense. I also
> don't think we want to encrypt the entire home directory, that would
> suck for e.g. compiles of software
I'm somewhat surprised nobody has mentioned encfs yet.
http://arg0.net/wiki/encfs
I store many things in encfs filesystems as it's rather transparent and
very easy to setup and use. I imagine with very little effort support
could be built into nautilus.
It's already in extras as fuse-encfs.
The basics are that I have one directory named ~/.encfs, which has all the
encrypted bits. I then "mount" the .encfs directory into ~/encfs, where I
can see things as normal files (these are arbitrary names chosen by me, any
name can be used). Here's a directory listing of ~/.encfs:
% ls ~/.encfs
1k2A8hy,ELen4,JmfcH-51JG R8Xs0R097CPJJoc1bG2ZzXqX y6bOnGgyYiXmKAPav7giQaS,
hxc7gEQKqRa,G1 TMej1GDE,weeNiUM0XYeC6Wv
Everything in that directory is utter nonsense, but the magic part is, I
can rsync my encrypted directory without ill effect. This lets me backup
my encrypted information without needing the key (something lacking from
many encrypted filesystems.
--
JB
More information about the Fedora-maintainers
mailing list