Filesystem-level encryption: Difference between revisions

Cydebot (talk | contribs)
m Robot - Moving category Utility software type to Category:Utility software types per CFD at Wikipedia:Categories for discussion/Log/2012 August 13.
No edit summary
Line 4:
The advantages of filesystem-level encryption include:
* flexible file-based [[key management]], so that each file can be and usually is encrypted with a separate encryption key
* individual management of encrypted files e.g. incremental backups of the individual changed files even in encrypted form, rather than backup of the entire encrypted volume{{clarify|how it differs from a _non-crypto_ incremental-backup, please... and the purpose (e.g. importance of backing up to another encrypted physical-disk so data remains secure but a lost token, lost disk, etc doesn't make the data irretrievable?)|date=January 2011}}
* [[access control]] can be enforced through the use of [[public-key cryptography]], and
* the fact that [[key (cryptography)|cryptographic keys]] are only held in memory while the file that is decrypted by them is held open.
 
==General-purpose file systems with encryption==
Unlike cryptographic file systems or full disk encryption, general-purpose file systems that include filesystem-level encryption do not typically encrypt file system [[metadata]], such as the directory structure, file names, sizes or modification timestamps. This can be problematic if the metadata itself needs to be kept confidential. In other words, if files are stored with identifying file names, anyone who has access to the physical disk can know which documents are stored on the disk, although not the contents of the documents.
 
One exception to this is the encryption support being added to the [[ZFS]] filesystem. Filesystem metadata such as filenames, ownership, ACLs and extended attributes is all stored encrypted on disk. The [[ZFS]] metadata about the storage pool is still stored in the clear, so it is possible to determine how many filesystems (datasets) are available in the pool and even which ones are encrypted, but not what the content of the stored files or directories is.
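The following added example (not code from the article or from any real file system) models the two points above in a few dozen lines: each file gets its own derived key, so an incremental backup can copy only the changed ciphertext files, while an inspection of the raw directory with no key at all still reveals file names and exact plaintext sizes. The cipher is a toy HMAC-SHA256 counter-mode keystream standing in for a real AEAD, and the directory, file names and master key are constructed for the demonstration.

```python
import hashlib, hmac, secrets, tempfile
from pathlib import Path

def file_key(master, file_id):
    # One key per file, derived from the master key and a random per-file id (HKDF-style expand)
    return hmac.new(master, b"file-key:" + file_id, hashlib.sha256).digest()

def keystream_xor(key, nonce, data):
    # Toy stand-in for an AEAD cipher: HMAC-SHA256 run in counter mode. Illustrative only.
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + (off // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def encrypt_file(root, name, plaintext, master):
    file_id, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    # The file name is written in the clear; only the content is protected
    ct = keystream_xor(file_key(master, file_id), nonce, plaintext)
    Path(root, name).write_bytes(file_id + nonce + ct)

def decrypt_file(root, name, master):
    blob = Path(root, name).read_bytes()
    return keystream_xor(file_key(master, blob[:16]), blob[16:32], blob[32:])

def visible_metadata(root):
    # What a reader of the raw disk learns with no key: names and exact plaintext sizes (32-byte header removed)
    return {p.name: p.stat().st_size - 32 for p in sorted(Path(root).iterdir())}

def ciphertext_digests(root):
    # Per-file digests of the ciphertext; a backup agent compares them against its previous run
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest() for p in Path(root).iterdir()}

def changed_files(before, after):
    # Only files whose ciphertext changed need to be copied, still in encrypted form
    return sorted(n for n in after if before.get(n) != after[n])

def demo():
    master = secrets.token_bytes(32)  # constructed; a real system keeps this in a keyring or KEK
    with tempfile.TemporaryDirectory() as root:
        encrypt_file(root, "salary-review-2012.txt", b"raise for everyone", master)
        encrypt_file(root, "notes.txt", b"lunch at noon", master)
        snapshot = ciphertext_digests(root)
        encrypt_file(root, "notes.txt", b"lunch at one", master)  # only this file changes
        return {
            "metadata": visible_metadata(root),
            "changed": changed_files(snapshot, ciphertext_digests(root)),
            "roundtrip": decrypt_file(root, "salary-review-2012.txt", master),
        }
```

The leaked name "salary-review-2012.txt" and its 18-byte size are exactly the kind of metadata the article says a general-purpose file system leaves in the clear.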