Hello, I personally don't have the need to encrypt whole filesystems and if I need to transfer sensitive data I use gpg to encrypt the tarball or whatever. But, I'd like to see some single files encrypted on my systems, eg. wpasupplicant.conf, ipsec.conf aso. Since I recently secured LDAP queries via IPSec, I found this to be the absolute perfect solution. Encryption takes place only where really needed with about no overhead (compared to SSL-LDAP) So would it be imaginable, that there's something like the SPD for network sockets also for files? The idea is that in this fileSPD, there's the entry that /etc/ipsec.conf must be aes encrypted. In a fileSA, there's the info that /etc/ipsec.conf can be read by uid xyz (or only one specific kernel, identified by something new to implement) and with a special key ID. The keys are loadad as modules, optionally symmetric encrypted by passphrase. Was such a policy based file encryption control doable with GEOM? Maybe it's easier to make use of existing tools like gpg with GEOM interaction? I don't want to reinvent any file encryption, I just need some automatic encryption (without _mandatory_ interaction) with lowest possible bypass possibilities. Thanks, -Harry
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:25 UTC