From owner-freebsd-questions@FreeBSD.ORG Sun Mar 26 03:10:13 2006 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EDE3B16A401 for ; Sun, 26 Mar 2006 03:10:12 +0000 (UTC) (envelope-from cotharyus@gmail.com) Received: from xproxy.gmail.com (xproxy.gmail.com [66.249.82.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id 654E743D46 for ; Sun, 26 Mar 2006 03:10:12 +0000 (GMT) (envelope-from cotharyus@gmail.com) Received: by xproxy.gmail.com with SMTP id s19so772131wxc for ; Sat, 25 Mar 2006 19:10:11 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; b=YbwI0m+JOd60vGP62SUEtGbGpfvq2zHnD9D5A5mXO5mQ0HCSA6ffi87uYXgmwa+h6jRuexaZVL4lv9hGCYrh47VyvPgSNM5l+XT4/L7VMbTCJtP9ZtzbGaPJaFKWDSZ99piATo6fBo1SoBh2pTV/DActHw9W3AzATJl+jCUhHkg= Received: by 10.70.90.12 with SMTP id n12mr3096592wxb; Sat, 25 Mar 2006 19:10:11 -0800 (PST) Received: by 10.70.74.10 with HTTP; Sat, 25 Mar 2006 19:10:11 -0800 (PST) Message-ID: <715841970603251910o4aadcc6ahba49bdd13ed11018@mail.gmail.com> Date: Sat, 25 Mar 2006 21:10:11 -0600 From: Drew To: questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Subject: File/directory encryption - recommendations X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Mar 2006 03:10:13 -0000 Hello, I am looking for a way to encrypt a directory and several subdirctories. I've been looking into how best to do this, but I'm wading through quite a lot of information, and thought this might be a good time to look for actua= l experience with this, since there seem to be quite a few choices. First let me go into a little detail of exactly what I'm requiring. Basicly, the company I work for uses a jabber server for quick and dirty internal communications. Because of my possition, some of my communications involve data that is considered sensitive within the company. To protect this, currently myself and others that require this type of security are using Gaim-encryption modules. Of course, we like to keep records of our conversations as well, which brings us to the log files for Gaim. Idealy, n= o one but me would ever have access to my workstation. But, there's always that outside chance. In order to further protect things that shouldn't be i= n other peoples hands, I would like to encrypt these log directories. It woul= d be best if it could be done on the fly (cfs?) in a way that would allow myself (and my copy of Gaim) to access, create, write, read, etc existing and new files with as little hassle to myself as possible. That said, reducing the hassle would appear to reduce security as well (anything accessing it requiring a key might be going a bit far, but I am asking for examples and suggestions), so maybe there's a middle ground. Certainly if anyone managed to log in or connect to the machine somehow with anything bu= t my user ID I would want any data contained in those files to appear as nonsense. Perferably, I would like that to happen if you try to access the files without a key even logged in as me, barring some form of once-per-session key entry. So. Fire away. I'm all ears. Thanks in advance. Drew