Filesystem-level encryption: Difference between revisions

Content deleted Content added
Line 8:
* the fact that [[key (cryptography)|cryptographic keys]] are only held in memory while the file that is decrypted by them is held open.
 
encryption decryption
==General-purpose file systems with encryption==
Unlike cryptographic file systems or full disk encryption, general-purpose file systems that include filesystem-level encryption do not typically encrypt file system [[metadata]], such as the directory structure, file names, sizes or modification timestamps. This can be problematic if the metadata itself needs to be kept confidential. In other words, if files are stored with identifying file names, anyone who has access to the physical disk can know which documents are stored on the disk, although not the contents of the documents.
 
One exception to this is the encryption support being added to the [[ZFS]] filesystem. Filesystem metadata such as filenames, ownership, ACLs, extended attributes are all stored encrypted on disk. The [[ZFS]] metadata about the storage pool is still stored in the clear so it is possible to determine how many filesystems (datasets) are available in the pool and even which ones are encrypted but not what the content of the stored files or directories are.
 
the crytographic method
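
Review bot: the two fragments "encryption decryption" (directly above the "General-purpose file systems with encryption" heading) and "the crytographic method" (after the ZFS paragraph) are not sentences and connect to neither the bullet list above nor the paragraphs around them, and "crytographic" is misspelled. Drop both lines, or replace each with a complete, sourced sentence placed in the section it belongs to. The surrounding text on unencrypted metadata and the ZFS exception reads correctly without them.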
 
==See also==