[OpenIndiana-discuss] What encryption options are available? [b 151_9]

Harry Putnam reader at newsguy.com
Tue Aug 26 14:31:11 UTC 2014


Bob Friesenhahn <bfriesen at simple.dallas.tx.us> writes:

> On Tue, 26 Aug 2014, Harry Putnam wrote:
>>
>> Hopefully I've gotten it all wrong.
>> I'd hoped for something as simple as `encfs', then read that encryption
>> was now built into zfs.  But then it appears not to be so for oi?
>
> Zfs encryption is for the data stored on disk and is not 'file'
> level. Regardless, it is not provided for OpenIndiana.  FreeBSD has an
> encryption layer which can be used on devices underneath zfs.
>
>> Can anyone spell out what is available to use on OI 151_9 in the way
>> of really basic encryption?
>>
>> I'm basically only looking for something that would baffle script
>> kiddies.  I don't expect to be attacked by serious players.
>
> If you want to protect individual files you could install and use pgp.
>
> The problem with so-called "script kiddies" is that usually such
> scripts are run from within the cone of trust so they have access to
> decrypted data.  If the filesystem automatically decrypts the data for
> the applications (the normal case for an encrypting filesystem), then
> a script running on that filesystem is able to use it.

Thanks for the good info.
Maybe I should provide a description of what I want to do.

With encfs... which I've used on other os's until now, works like this:

Create a password protected container then whatever you put in it is
encrypted.

I keep only things like uid and passwords for the dozens of things one
collects over time, and bits of info I'd rather not share.  Nothing too
drastic.  But I guess UID and Passwd would be enough to drain my bank
account of all 50 bucks ... hehe. 

What I do is (manually) open the container when I need something
which is usually like once/twice per day or so, then close the
container. So basically it stays encrypted most of the time.

There is no automatic application access involved.

So, I guess a script kiddie would have to first hack my host, then
hack my UID/Passwd, and then hack the passwd on the encrypted
container.

As it is now, even root does not have access to the container without
the passwd.

So, all in all, I guess I'm looking for something that works along
those lines.



