Date: 21 Nov 2003 20:27:56 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: "Paul Hamilton" <paul@bdug.org.au> Cc: Freebsd-Questions <freebsd-questions@freebsd.org> Subject: Re: Automatically encrypting data files in a partition. Message-ID: <44smkhmbtv.fsf@be-well.ilk.org> In-Reply-To: <AGEHIFHGNEMPFNCPLONMAEJKFHAA.paul@bdug.org.au> References: <AGEHIFHGNEMPFNCPLONMAEJKFHAA.paul@bdug.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
"Paul Hamilton" <paul@bdug.org.au> writes: > I need a way to store different directory trees and files with different > encryption keys, i.e.. > > /data/mars /data/mars/one /data/mars/two etc all are encrypted with one > key and > > /data/venus /data/venus/one /data/venus/two etc, would have a different > key. > > Ideally, the directory structure, and file names wouldn't be encrypted. > /data is an independent partition. > > Some of these files, could be MS Office data files, others might be MS > program *.exe files etc. It would be nice if this happened at the > filesystem level, i.e., I would enter a key and the root dir name for each > 'data tree' into the config file, reload the config file into the > 'encryption filesystem program' and all would be sweet ;-) The closest thing I know of is cfs (in the ports). It encrypts some of the directory structures as well, which is usually desirable because they can contain secret information as well (think of a file named "CompanyX_Merge_Plans.doc"). I don't know if it's capable of handling passphrases centrally as opposed to on a user-session basis, but if so, you would need someone with the password present every time you booted the machine.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44smkhmbtv.fsf>