Proposal: Personal Data Encryption (maybe SoC?)

Gabriel Ambuehl gabriel_ambuehl at
Fri Mar 23 09:49:06 CET 2007

On Thursday 22 March 2007 20:48:44 Joe Pfeiffer wrote:
> It's not necessary (which was one of my goals) -- if the pefs is
> mounted, any time the application reads or writes an encrypted file
> the Right Thing Happens.  An encryption-aware application can request
> its databases be saved encrypted; the encryption manager would handle
> encrypting databases for unaware applications, after which the
> encryption would happen without any help from the application.

I'm not entirely sure why one would need a new FUSE driver then. 

Can't you just use encfs (I gather you don't want LUKS because it needs 
setting Filesystem size in advance and I can see why one would want to avoid 
that [1]) and tell the apps to either use the encrypted tree or not? Then any 
app can be made to use the encryption features by virtue of providing it with 
proper paths. 

Things like unmounting on inactivity etc can easily be handled by a small user 
space daemon running besides FUSE then. And if you want to provide different 
levels of security, simply add more trees...

[1] From a purely technicaly point of view, I much prefer LUKS to encfs 
though. I wonder if one could have dynamically growing LUKS volumes inside 
normal files?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : 

More information about the community mailing list