Date: Wed, 21 Mar 2012 10:47:45 +0100 From: Harald Schmalzbauer <h.schmalzbauer@omnilan.de> To: FreeBSD current <freebsd-current@freebsd.org>, fs@freebsd.org Subject: Idea for GEOM and policy based file encryption Message-ID: <4F69A3C1.7040305@omnilan.de>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hello, I personally don't have the need to encrypt whole filesystems and if I need to transfer sensitive data I use gpg to encrypt the tarball or whatever. But, I'd like to see some single files encrypted on my systems, eg. wpasupplicant.conf, ipsec.conf aso. Since I recently secured LDAP queries via IPSec, I found this to be the absolute perfect solution. Encryption takes place only where really needed with about no overhead (compared to SSL-LDAP) So would it be imaginable, that there's something like the SPD for network sockets also for files? The idea is that in this fileSPD, there's the entry that /etc/ipsec.conf must be aes encrypted. In a fileSA, there's the info that /etc/ipsec.conf can be read by uid xyz (or only one specific kernel, identified by something new to implement) and with a special key ID. The keys are loadad as modules, optionally symmetric encrypted by passphrase. Was such a policy based file encryption control doable with GEOM? Maybe it's easier to make use of existing tools like gpg with GEOM interaction? I don't want to reinvent any file encryption, I just need some automatic encryption (without _mandatory_ interaction) with lowest possible bypass possibilities. Thanks, -Harry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iEYEARECAAYFAk9po8EACgkQLDqVQ9VXb8j6xgCgxVpAQljNs8vZfCe23dGVv9vz WnIAn275iF4JqId1nUfmaic2DdCyA1bI =Qdxc -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F69A3C1.7040305>