On Mon, 30 Jul 2012 10:16:59 +0530
SaNtosh kuLkarni <[email protected]> wrote:

| I wanted something like this to make things more secure. Use a separate key
| for encrypting each file and directory, I know encfs uses IV'ed key for each
| file. I guess the directory lookup would be hit.
|

For per-file encryption, EncFS may not be the best thing.

For techniques of per-file encryption see...
  http://www.ict.griffith.edu.au/anthony/inof/crypto/file_encrypt.hints

The file details methods for encrypting files using PGP/GPG, and OpenSSL,
as well as a more advanced form (using an iterative password hashing
function, which is included in the openssl library but which openssl file
encryption does not use!)

The above link includes methods to securely edit encrypted files, without
decrypting the file to disk. That is you use
    vim filename.enc
or
    vim filename.ossl
or
    vim filename.pgp

You will then be prompted for the file's password. After that the decrypted
file is in vim's memory buffer for editing. At no time is the data
decrypted to disk. You will need to give the password (twice) again to save
changes to the data again (to re-encrypt by the chosen encryption method,
in vim's buffer, and write it).

That sounds more like what you are after.

I have a number of individually encrypted files (account password, web
passwords, personal information, etc..) as well as a number of EncFS
directories (bank details and files, private data, etc).

I used to use Block encrypted File Systems, such as LUKS dmcrypt, but I
replaced those with EncFS as being more versatile. Dmcrypt however is
useful if you want complete laptop protection, but EncFS is better for
day-to-day encryption.

Actually I recently moved my encrypted data into the "ks" (short for
"key store") system.

I developed "ks" for holding EncFS master passwords and configuration
files. That is I keep the EncFS configuration encrypted and separate to
the actual encrypted data directories, (which may be stored in the cloud).
This provides extra security as the 'key files' can be stored on a physical
usb stick, and without them the EncFS data can not be decrypted.

However the 'key files' are basically just encrypted files, stored using a
hashed filename. They actually look like an EncFS filesystem (though it
isn't).

As such I now also use "ks" to save individual file encryptions too.
That is
    ks -e passwds
looks for the filename created from the 'passwds' hash, and runs a "vim" to
edit that 'file' directly. Even though the 'key file' file does not
contain data for an EncFS directory mount, I find it more convenient than
using "vim" directly on a "filename.enc" file, without needing to know
where that file is (such as on a USB stick I just plugged in, or my home
"ks" sub-directory).

The "ks" script is quite simple and well commented perl, so is easy to
modify to create your own system.

See the software ("encrypt", and "ks") from...
  http://www.ict.griffith.edu.au/anthony/software/#encryption
Which goes with the previous link given for VIM editing.

  Anthony Thyssen ( System Programmer )    <[email protected]>
 --------------------------------------------------------------------------
   Would the pilot of the 747 parked outside the window, please return
   to the cockpit.    You've left your lights on!
                     -- Tokyo Airport Announcement -- Digimon
 --------------------------------------------------------------------------
   Anthony's Castle     http://www.ict.griffith.edu.au/anthony/
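
Added example, not part of the original post and not code from "ks" or the linked hints file: a sketch of a per-file key derived by iterated password hashing with a fresh salt per file, plus a keyed hash for the stored filename. PBKDF2, the header layout, the `PFK1` tag and all function names are assumptions made for illustration; the post does not name the hashing function or describe how "ks" hashes filenames.

```python
import hashlib, hmac, os, struct

MAGIC = b"PFK1"         # constructed tag for this sketch, not a real file format
ITERATIONS = 200_000    # assumed work factor; raise it as hardware allows
MAX_ITERATIONS = 5_000_000  # refuse absurd counts from a tampered header
SALT_LEN, CHECK_LEN = 16, 8
HEADER_LEN = 4 + 4 + SALT_LEN + CHECK_LEN

def _derive(password: bytes, salt: bytes, iterations: int):
    """Iterated hash of the password, split into a file key and a check value."""
    master = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=32)
    file_key = hmac.new(master, b"file-key", hashlib.sha256).digest()
    check = hmac.new(master, b"key-check", hashlib.sha256).digest()[:CHECK_LEN]
    return file_key, check

def new_header(password: bytes):
    """Create the header for a new file; a fresh salt gives a fresh key."""
    salt = os.urandom(SALT_LEN)
    file_key, check = _derive(password, salt, ITERATIONS)
    return MAGIC + struct.pack(">I", ITERATIONS) + salt + check, file_key

def open_header(header: bytes, password: bytes) -> bytes:
    """Re-derive the file key from a stored header, rejecting a wrong password."""
    if len(header) != HEADER_LEN or header[:4] != MAGIC:
        raise ValueError("not a recognised header")
    (iterations,) = struct.unpack(">I", header[4:8])
    if not 1 <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count out of range")
    salt, check = header[8:8 + SALT_LEN], header[8 + SALT_LEN:]
    file_key, expected = _derive(password, salt, iterations)
    if not hmac.compare_digest(check, expected):
        raise ValueError("wrong password or damaged header")
    return file_key

def stored_name(label: str, name_key: bytes) -> str:
    """Keyed hash of a label, so the on-disk name does not reveal the label."""
    return hmac.new(name_key, label.encode(), hashlib.sha256).hexdigest()[:32]

if __name__ == "__main__":
    hdr_a, key_a = new_header(b"example passphrase")   # constructed inputs
    hdr_b, key_b = new_header(b"example passphrase")
    print("distinct keys:", key_a != key_b)
    print("reopened ok:  ", open_header(hdr_a, b"example passphrase") == key_a)
    print("stored as:    ", stored_name("passwds", key_a))
```

The returned file key would be handed to an authenticated cipher from a maintained library; the sketch stops at key derivation and does not encrypt anything itself.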
