Content deleted Content added
No edit summary Tags: Reverted possible vandalism Visual edit Mobile edit Mobile web edit |
m Reverted edits by 102.250.3.59 (talk) (HG) (3.4.10) |
||
Line 1:
{{Unreferenced|date=July 2009}}
'''Filesystem-level encryption''', often called '''file-based encryption''', '''FBE''', or '''file/folder encryption''', is a form of [[disk encryption]] where individual files or directories are [[encryption|encrypted]] by the [[file system]] itself.
This is in contrast to the [[full disk encryption]] where the entire partition or disk, in which the file system resides, is encrypted.
Types of filesystem-level encryption include:
* the use of a 'stackable' '''cryptographic filesystem''' layered on top of the main file system
* a single ''general-purpose'' file system with encryption
The advantages of filesystem-level encryption include:
* flexible file-based [[key management]], so that each file can be and usually is encrypted with a separate encryption key{{citation needed|date=November 2013}}
* individual management of encrypted files e.g. incremental backups of the individual changed files even in encrypted form, rather than backup of the entire encrypted volume{{clarify|how it differs from a _non-crypto_ incremental-backup, please... and the purpose (e.g. importance of backing up to another encrypted physical-disk so data remains secure but a lost token, lost disk, etc doesn't make the data irretrievable?)|date=January 2011}}
* [[access control]] can be enforced through the use of [[public-key cryptography]], and
* the fact that [[key (cryptography)|cryptographic keys]] are only held in memory while the file that is decrypted by them is held open.
==General-purpose file systems with encryption==
| |||