Proposal: Personal Data Encryption (maybe SoC?)

Gabriel Ambuehl gabriel_ambuehl at buz.ch
Fri Mar 23 09:49:06 CET 2007


On Thursday 22 March 2007 20:48:44 Joe Pfeiffer wrote:
> It's not necessary (which was one of my goals) -- if the pefs is
> mounted, any time the application reads or writes an encrypted file
> the Right Thing Happens.  An encryption-aware application can request
> its databases be saved encrypted; the encryption manager would handle
> encrypting databases for unaware applications, after which the
> encryption would happen without any help from the application.

I'm not entirely sure why one would need a new FUSE driver then. 

Can't you just use encfs (I gather you don't want LUKS because it needs 
setting the filesystem size in advance and I can see why one would want to avoid 
that [1]) and tell the apps to either use the encrypted tree or not? Then any 
app can be made to use the encryption features by virtue of providing it with 
proper paths. 

Things like unmounting on inactivity etc. can easily be handled by a small user 
space daemon running beside FUSE then. And if you want to provide different 
levels of security, simply add more trees...


[1] From a purely technical point of view, I much prefer LUKS to encfs 
though. I wonder if one could have dynamically growing LUKS volumes inside 
normal files?
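
The idle-unmount helper suggested in this message, sketched as an added example (not part of the original post and not Openmoko code): it polls a mounted encfs tree and runs `fusermount -u` once nothing under it has been touched for a timeout. The mountpoint, timeout and poll interval are assumptions, and it relies on the filesystem maintaining file access times.

```python
import os
import subprocess
import sys
import time


def newest_activity(tree):
    """Latest activity timestamp (epoch seconds) found under the decrypted tree."""
    newest = os.stat(tree).st_mtime
    for root, dirs, files in os.walk(tree):
        for name, is_dir in [(d, True) for d in dirs] + [(f, False) for f in files]:
            try:
                st = os.lstat(os.path.join(root, name))
            except OSError:
                continue  # entry vanished between listing and stat
            # Directories count by mtime only: this walk itself may refresh
            # their atime, which would otherwise keep resetting the idle clock.
            stamp = st.st_mtime if is_dir else max(st.st_atime, st.st_mtime)
            newest = max(newest, stamp)
    return newest


def is_idle(tree, timeout, now=None):
    """True when nothing under tree was read or written for `timeout` seconds."""
    now = time.time() if now is None else now
    return now - newest_activity(tree) >= timeout


def unmount(mountpoint, runner=subprocess.run):
    """Unmount the FUSE tree; fails (returns False) while files are still open."""
    return runner(["fusermount", "-u", mountpoint]).returncode == 0


def watch(mountpoint, timeout, poll=30):
    """Poll until the tree is idle and unmounted; False if it was never mounted."""
    while os.path.ismount(mountpoint):
        if is_idle(mountpoint, timeout) and unmount(mountpoint):
            return True
        time.sleep(poll)
    return False


if __name__ == "__main__":
    # Assumed usage: idle_unmount.py <decrypted mountpoint> <timeout seconds>
    sys.exit(0 if watch(sys.argv[1], int(sys.argv[2])) else 1)
```

encfs also has a built-in `--idle=MINUTES` option that covers the simple case without a separate daemon.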