From owner-freebsd-questions@FreeBSD.ORG Fri Nov 21 17:28:00 2003
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 604CA16A4CE
    for ; Fri, 21 Nov 2003 17:28:00 -0800 (PST)
Received: from rwcrmhc12.comcast.net (rwcrmhc12.comcast.net [216.148.227.85])
    by mx1.FreeBSD.org (Postfix) with ESMTP id 954A143FE9
    for ; Fri, 21 Nov 2003 17:27:57 -0800 (PST)
    (envelope-from freebsd-questions-local@be-well.ilk.org)
Received: from be-well.no-ip.com ([66.30.200.37])
    by comcast.net (rwcrmhc12) with ESMTP id <2003112201275701400osqcoe>;
    Sat, 22 Nov 2003 01:27:57 +0000
Received: by be-well.no-ip.com (Postfix, from userid 1147)
    id BC4AA3A; Fri, 21 Nov 2003 20:27:56 -0500 (EST)
Sender: lowell@be-well.ilk.org
To: "Paul Hamilton"
References:
From: Lowell Gilbert
Date: 21 Nov 2003 20:27:56 -0500
In-Reply-To:
Message-ID: <44smkhmbtv.fsf@be-well.ilk.org>
Lines: 27
User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
cc: Freebsd-Questions
Subject: Re: Automatically encrypting data files in a partition.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 22 Nov 2003 01:28:00 -0000

"Paul Hamilton" writes:

> I need a way to store different directory trees and files with different
> encryption keys, i.e..
>
> /data/mars /data/mars/one /data/mars/two etc all are encrypted with one
> key and
>
> /data/venus /data/venus/one /data/venus/two etc, would have a different
> key.
>
> Ideally, the directory structure, and file names wouldn't be encrypted.
> /data is an independent partition.
>
> Some of these files, could be MS Office data files, others might be MS
> program *.exe files etc. It would be nice if this happened at the
> filesystem level, i.e., I would enter a key and the root dir name for each
> 'data tree' into the config file, reload the config file into the
> 'encryption filesystem program' and all would be sweet ;-)

The closest thing I know of is cfs (in the ports). It encrypts some of
the directory structures as well, which is usually desirable because
they can contain secret information as well (think of a file named
"CompanyX_Merge_Plans.doc"). I don't know if it's capable of handling
passphrases centrally as opposed to on a user-session basis, but if so,
you would need someone with the password present every time you booted
the machine.