[OpenAFS] encrypted volumes
Fri, 6 Feb 2009 19:22:01 +0100
On Friday, 6 February 2009 02:09:09, David Bear wrote:
> Has there ever been much discussion on creating encrypted volumes? These
> would work like a local encrypted file system - without the key, they are
> useless. I'm thinking that you might need an fs setkey or something like
> that to insert the key into the cache manager.. fs mkmount could have a
> switch that would specify it was an encrypted volume..
The problem is that volumes in AFS are not mounted and unmounted all the time.
They are mounted into the tree once and are usually available anytime. To
prevent access to sensitive files, use ACLs.
Things like ecryptfs, truecrypt or LUKS only protect data as long as the
volume is _not_ mounted. Once mounted, normal Unix access permissions or ACLs
apply. So what you could do is to create encrypted vice partitions and put
volumes with sensitive data onto those, so that in case of theft or whatever
the data cannot be read by the attacker.