[OpenIndiana-discuss] What encryption options are available? [b 151_9]
Harry Putnam
reader at newsguy.com
Tue Aug 26 14:31:11 UTC 2014
Bob Friesenhahn <bfriesen at simple.dallas.tx.us> writes:
> On Tue, 26 Aug 2014, Harry Putnam wrote:
>>
>> Hopefully I've gotten it all wrong.
>> I'd hoped for something as simple as `encfs', then read that encryption
>> was now built into zfs. But then it appears not to be so for oi?
>
> Zfs encryption is for the data stored on disk and is not 'file'
> level. Regardless, it is not provided for OpenIndiana. FreeBSD has an
> encryption layer which can be used on devices underneath zfs.
>
>> Can anyone spell out what is available to use on OI 151_9 in the way
>> of really basic encryption?
>>
>> I'm basically only looking for something that would baffle script
>> kiddies. I don't expect to be attacked by serious players.
>
> If you want to protect individual files you could install and use pgp.
>
> The problem with so-called "script kiddies" is that usually such
> scripts are run from within the cone of trust so they have access to
> decrypted data. If the filesystem automatically decrypts the data for
> the applications (the normal case for an encrypting filesystem), then
> a script running on that filesystem is able to use it.

Thanks for the good info.

Maybe I should provide a description of what I want to do.

With encfs, which I've used on other OSes until now, it works like this:

Create a password protected container then whatever you put in it is
encrypted.

I keep only things like uid and passwords for the dozens of things one
collects over time, and bits of info I'd rather not share. Nothing too
drastic. But I guess UID and Passwd would be enough to drain my bank
account of all 50 bucks ... hehe.

What I do is (manually) open the container when I need something
which is usually like once/twice per day or so, then close the
container. So basically it stays encrypted most of the time.

There is no automatic application access involved.

So, I guess a script kiddie would have to first hack my host, then
hack my UID/Passwd, and then hack the passwd on the encrypted
container.

As it is now, even root does not have access to the container without
the passwd.

So, all in all, I guess I'm looking for something that works along
those lines.
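
The pgp suggestion from the quoted reply, applied to the manual open/close workflow described above. This is an added example, not part of either message. It assumes GnuPG 2.2.7 or later is installed as `gpg`; the function names and the `VAULT_PASSFILE` variable are hypothetical.

```shell
#!/bin/sh
# Added example: a password-protected "container" from tar + GnuPG symmetric mode.
# Assumptions: GnuPG 2.2.7 or later installed as `gpg`; function names and
# VAULT_PASSFILE are hypothetical names chosen for this sketch.

# Run gpg with the agent's symmetric-passphrase cache disabled, so every open
# needs the passphrase again. VAULT_PASSFILE (optional) is for unattended runs;
# leave it unset to be prompted.
_gpg() {
    if [ -n "${VAULT_PASSFILE:-}" ]; then
        gpg --quiet --yes --no-symkey-cache --batch --pinentry-mode loopback \
            --passphrase-file "$VAULT_PASSFILE" "$@"
    else
        gpg --quiet --yes --no-symkey-cache "$@"
    fi
}

# vault_close DIR VAULT: pack DIR, encrypt it to VAULT, then delete the plaintext.
# The plaintext is removed only after archiving and encryption both succeeded.
# Note: rm does not scrub blocks; on copy-on-write ZFS, old blocks and
# snapshots can still hold the data.
vault_close() {
    dir=$1; vault=$2
    tmp=$(mktemp) || return 1          # mktemp creates the file mode 0600
    tar -cf "$tmp" -C "$dir" . &&
        _gpg --cipher-algo AES256 -o "$vault.new" --symmetric "$tmp" &&
        mv "$vault.new" "$vault" &&
        rm -rf "$dir"
    rc=$?
    rm -f "$tmp" "$vault.new"
    return "$rc"
}

# vault_open VAULT DIR: decrypt VAULT and unpack it into DIR (created 0700).
# A wrong passphrase or a modified VAULT makes gpg fail, and nothing is unpacked.
vault_open() {
    vault=$1; dir=$2
    tmp=$(mktemp) || return 1
    _gpg -o "$tmp" --decrypt "$vault" &&
        mkdir -p -m 700 "$dir" &&
        tar -xf "$tmp" -C "$dir"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

While the unpacked directory exists, anything running as the same user (or as root) can read it, which is the "cone of trust" point in the quoted reply; the passphrase protects the data only between `vault_close` and the next `vault_open`.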