request: encryption support on file open/save
Christopher Browne
cbbrowne@hex.net
Wed, 06 Sep 2000 21:18:07 -0500
On 06 Sep 2000 11:59:50 EDT, the world broke into rejoicing as
Derek Atkins <warlord@MIT.EDU> said:
> Why not just use a crypto filesystem? PGP (and gpg) are useful for
> encrypting files for transmission, but really should not be used for
> long-term data storage. You should be using data-storage encryption
> for that.
That's a good thought...
There's a whole lot of merit to installing something like CFS
<http://fire.csua.ucla.edu/security/#cfs> that takes a directory and
mounts it using an NFS interface on /crypt, thus...
% cmkdir ~/private.files
Key: [my secret key]
Again: [my secret key]
% cattach ~/private.files private
Key: [my secret key]
% mv mygnucashfile.xac /crypt/private
% ls -l /crypt/private
total 58
-rw-rw-r-- 1 cbbrowne cbbrowne 57420 Sep 6 21:11 mygnucashfile.xac
% ls -l ~/private.files
total 58
-rw-rw-r-- 1 cbbrowne cbbrowne 57428 Sep 6 21:11 8387f035eb45002b69b632f86dd511fcdf84886d02e34fed
Note that this approach is usable for _ANY_ application, and as it
requires _NO_ code internal to applications, apps are not vulnerable
to there being a one line error that _demolishes_ the integrity of the
security scheme.
--
aa454@freenet.carleton.ca - <http://www.ntlug.org/~cbbrowne/crypto.html>
Pound for pound, the amoeba is the most vicious animal on earth.