Stupid Symantec

gnupg at raf.org gnupg at raf.org
Fri Mar 16 01:58:45 CET 2018


Daniel Kahn Gillmor wrote:

> On Thu 2018-03-15 17:11:15 +0000, Andrew Gallagher wrote:
> >> If this doesn't exist in the main GnuPG project then I'd be happy to be
> >> referred to any 3rd party bits of software (even if commercial or
> >> proprietary) that could?	
> >> 	
> >> I understand if the answer *should* be block-level encryption... but
> >> they're intend on file-level.	
> >
> > The obvious approach would be to write a FUSE driver. It would be
> > mounted as an overlay filesystem, and this filesystem would decrypt the
> > encrypted files on demand into a ramfs, and then re-encrypt (and shred)
> > on file close.
> 
> or, if what you really care about is file-level encryption on a
> GNU/Linux desktop and you *don't* care about files being OpenPGP
> formatted, you could look into ext4's native encryption features (see
> e4crypt(8) and related docs to get started).
> 
>      --dkg

yes, luks full disk encryption would be best of course but if
boss says no, ecryptfs file system encryption might be
acceptable. every file in an ecryptfs-mounted file system is
individually encrypted. encrypting their names as well is
optional. and it's easy enough to setup. and i haven't detected
any performance penalty (except when running du, just don't).
and i'm fairly sure ubuntu has this built-in for home directory
encryption but i don't know which versions.

cheers,
raf




More information about the Gnupg-users mailing list