Re: Stupid Symantec
On 3/16/2018 9:16 AM, Steven Maddox wrote: > I get the impression they want the decryption happening on the end users > machines. > > Presumably so that if any users got the idea to just 'upload' a file > online - it'd be the encrypted version of that file. Course someone can > just get around that by opening an encrypted file - then just saving it > to a new local location :D Since it is automatically decrypted when opened, the uploaded file would be decrypted. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
On 3/16/2018 9:15 AM, Andrew Gallagher wrote: > How does that work when the decryption key is on the client? I don't think it is on the client. The private key is stored on the server and is decrypted when you log in. At least I think that's how it works. I've never actually tried using EFS on a server. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
I get the impression they want the decryption happening on the end users machines. Presumably so that if any users got the idea to just 'upload' a file online - it'd be the encrypted version of that file. Course someone can just get around that by opening an encrypted file - then just saving it to a new local location :D But I don't make the rules around here. Steven Maddox Lantizia On 16/03/18 13:07, Phil Susi wrote: > On 3/16/2018 4:11 AM, Steven Maddox wrote: >> Yeah I just use LUKS on my PC to protect local files, but this is (as >> above) for files on SMB/Windows shares... sorry for not mentioning that >> sooner. > I believe you can enable EFS on the windows server and it will handle > decrypting the file before sending it over SMB. Then you don't need any > special software or configuration on the clients. > ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
> On 16 Mar 2018, at 13:07, Phil Susi wrote: > > I believe you can enable EFS on the windows server and it will handle > decrypting the file before sending it over SMB. Then you don't need any > special software or configuration on the clients. How does that work when the decryption key is on the client? A ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
On 3/16/2018 4:11 AM, Steven Maddox wrote: > Yeah I just use LUKS on my PC to protect local files, but this is (as > above) for files on SMB/Windows shares... sorry for not mentioning that > sooner. I believe you can enable EFS on the windows server and it will handle decrypting the file before sending it over SMB. Then you don't need any special software or configuration on the clients. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
> On 16 Mar 2018, at 08:11, Steven Maddox wrote: > > Yeah this would be a cool approach that'd mean less reliance on the > kernel. However the files we (me and my colleagues) access (although > they're all using Windows PCs) are on SMB/Windows shares... so somehow > the overlay would have to work with that. If you mounted the remote filesystem using smbfs you should be able to mount an overlayfs over the top, just like any other mounted filesystem. A ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Stupid Symantec
On 15/03/18 17:03, Phil Susi wrote: > Windows has this feature built in already, why not just use that? I'm not a Windows user, I mentioned that I'm a Linux desktop user in my original post. -- On 15/03/18 17:11, Andrew Gallagher wrote: > The obvious approach would be to write a FUSE driver Yeah this would be a cool approach that'd mean less reliance on the kernel. However the files we (me and my colleagues) access (although they're all using Windows PCs) are on SMB/Windows shares... so somehow the overlay would have to work with that. -- On 15/03/18 17:11, Andrew Gallagher wrote: > I saw a commercial product here that might do what you want I'll take a closer look thanks... although on first glance I can't see anything about SMB/Windows share support (for remote files it just mentions SSH). -- On 15/03/18 22:39, Daniel Kahn Gillmor wrote: > you could look into ext4's native encryption features and... On 16/03/18 00:58, gn...@raf.org wrote: > luks full disk encryption would be best Yeah I just use LUKS on my PC to protect local files, but this is (as above) for files on SMB/Windows shares... sorry for not mentioning that sooner. -- Any other ideas welcome :) To be honest I was kind of hoping someone would pop up an say there was a PGP-compatible open source alternative kernel module that did the same thing! Perhaps this was something the PGP guys kept closed source and Symantec have continued to keep it that way since they bought them out? -- Steven Maddox Lantizia ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users