Idea for GEOM and policy based file encryption

From: Harald Schmalzbauer <h.schmalzbauer_at_omnilan.de>
Date: Wed, 21 Mar 2012 10:47:45 +0100
 Hello,

I personally don't have the need to encrypt whole filesystems and if I
need to transfer sensitive data I use gpg to encrypt the tarball or
whatever.
But, I'd like to see some single files encrypted on my systems, eg.
wpasupplicant.conf, ipsec.conf aso.
Since I recently secured LDAP queries via IPSec, I found this to be the
absolute perfect solution. Encryption takes place only where really
needed with about no overhead (compared to SSL-LDAP)
So would it be imaginable, that there's something like the SPD for
network sockets also for files?
The idea is that in this fileSPD, there's the entry that /etc/ipsec.conf
must be aes encrypted. In a fileSA, there's the info that
/etc/ipsec.conf can be read by uid xyz (or only one specific kernel,
identified by something new to implement) and with a special key ID. The
keys are loadad as modules, optionally symmetric encrypted by passphrase.

Was such a policy based file encryption control doable with GEOM?
Maybe it's easier to make use of existing tools like gpg with GEOM
interaction?
I don't want to reinvent any file encryption, I just need some automatic
encryption (without _mandatory_ interaction) with lowest possible bypass
possibilities.

Thanks,

-Harry


Received on Wed Mar 21 2012 - 08:52:40 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:25 UTC