> >
> > Is there any chance that we can come up with something that doesn't
> > require something that's block-level and requires repartitioning? The
> > migration path pretty much sucks if we don't try for something else.
>
> I think Jeremy's point about using block level encryption on real disks
> for anything but removable / hotpluggable devices makes sense. I also
> don't think we want to encrypt the entire home directory, that would
> suck for e.g. compiles of software.

I'm somewhat surprised nobody has mentioned encfs yet.

http://arg0.net/wiki/encfs

I store many things in encfs filesystems as it's rather transparent and
very easy to set up and use. I imagine with very little effort support
could be built into nautilus.

It's already in extras as fuse-encfs.

The basics are that I have one directory named ~/.encfs, which has all the
encrypted bits. I then "mount" the .encfs directory into ~/encfs, where I
can see things as normal files (these are arbitrary names chosen by me, any
name can be used). Here's a directory listing of ~/.encfs:

% ls ~/.encfs
1k2A8hy,ELen4,JmfcH-51JG R8Xs0R097CPJJoc1bG2ZzXqX y6bOnGgyYiXmKAPav7giQaS,
hxc7gEQKqRa,G1 TMej1GDE,weeNiUM0XYeC6Wv

Everything in that directory is utter nonsense, but the magic part is, I
can rsync my encrypted directory without ill effect. This lets me back up
my encrypted information without needing the key (something lacking from
many encrypted filesystems).

--
JB
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers
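
The backup property described in the message above, as an added example that is not part of the original post: the encrypted directory is copied and the copy is checked against it, and neither step needs the encfs password. The function names and the backup destination are made up for illustration; the directory names ~/.encfs and ~/encfs are the ones from the message.

```shell
#!/bin/sh
# Added example (not from the original post): back up an encfs ciphertext
# directory and verify the copy without ever mounting or unlocking it.
#
# Typical use with the directory names from the message
# (/mnt/backup/encfs is a placeholder destination):
#   encfs ~/.encfs ~/encfs       # mount the plaintext view (asks for password)
#   fusermount -u ~/encfs        # unmount it again
#   backup_ciphertext ~/.encfs /mnt/backup/encfs   # no password involved
#   verify_backup     ~/.encfs /mnt/backup/encfs

# Print a sorted "crc size ./path" line for every file below directory $1.
# Only ciphertext is read, so the listing can be produced on any host.
manifest() {
    ( cd "$1" && find . -type f -exec cksum {} + | LC_ALL=C sort )
}

# Copy the ciphertext tree $1 to $2. rsync is used when installed, as in
# the message; otherwise fall back to cp, which does not prune files that
# were deleted from the source since the last run.
backup_ciphertext() {
    if command -v rsync >/dev/null 2>&1; then
        rsync -a --delete "$1"/ "$2"/
    else
        mkdir -p "$2" && cp -R -p "$1"/. "$2"/
    fi
}

# Return 0 when the backup $2 holds exactly the same encrypted files as $1,
# 1 when they differ, 2 when one of the directories cannot be read.
verify_backup() {
    a=$(manifest "$1") || return 2
    b=$(manifest "$2") || return 2
    [ "$a" = "$b" ]
}
```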