Idea for GEOM and policy based file encryption

Board: FB_current, posted 2012/03/21 18:01 (thread 1/7)
Hello,

I personally don't have the need to encrypt whole filesystems and if I need to transfer sensitive data I use gpg to encrypt the tarball or whatever.

But, I'd like to see some single files encrypted on my systems, e.g. wpasupplicant.conf, ipsec.conf aso.

Since I recently secured LDAP queries via IPSec, I found this to be the absolute perfect solution. Encryption takes place only where really needed with about no overhead (compared to SSL-LDAP).

So would it be imaginable that there's something like the SPD for network sockets also for files? The idea is that in this fileSPD, there's the entry that /etc/ipsec.conf must be aes encrypted. In a fileSA, there's the info that /etc/ipsec.conf can be read by uid xyz (or only one specific kernel, identified by something new to implement) and with a special key ID. The keys are loaded as modules, optionally symmetric encrypted by passphrase.

Was such a policy based file encryption control doable with GEOM? Maybe it's easier to make use of existing tools like gpg with GEOM interaction? I don't want to reinvent any file encryption, I just need some automatic encryption (without _mandatory_ interaction) with lowest possible bypass possibilities.

Thanks,

-Harry
Article code (AID): #1FQQRWC_ (FB_current)