Revision as of 21:37, 27 September 2006 edit Intgr (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers 32,266 edits Expansion ← Previous edit		Revision as of 21:41, 27 September 2006 edit undo Intgr (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers 32,266 edits No edit summary Next edit →
Line 3: The advantages of filesystem-level encryption include more flexible file-based [[key management]] and [[access control]] with [[public-key encryption]] and the fact that [[key (cryptography)\|cryptographic keys]] are only kept in memory while a file using them is opened. ==~~Generic~~General-purpose filesystems with ~~file~~ encryption== Unlike cryptographic filesystems and full disk encryption, generic filesystems with filesystem-level encryption do not typically encrypt filesystem metadata, such as the directory structure, file names, modification timestamps or sizes. This can be problematic if the content to be encrypted has to be undetectable or its existance unprovable. Line 9: ==Cryptographic filesystems== Cryptographic filesystems are ~~special purpose file systems~~filesystems that are specifically designed with encryption and security in mind. They usually encrypt all the data they contain – including metadata. Instead of implementing an on-disk format and their own [[block allocation]], these filesystems are often layered on top of existing filesystems, for example, residing in a directory ~~for~~on ~~example~~a primary filesystem. Many such filesystems also offer advanced features, such as [[deniable encryption]], cryptographically secure read-only [[file system permissions]] and different views of the directory structure depending on the key ~~used~~or user. ==See also== Line 16: * [[Full disk encryption]] * [[Encrypting File System]] * [[EncFS]] * [[List of encrypting filesystems]]

Filesystem-level encryption: Difference between revisions