Filesystem-level encryption

This is an old revision of this page, as edited by 59.90.40.74 (talk) at 11:14, 14 July 2011 (Cryptographic file systems). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

The advantages of filesystem-level encryption include:

  • flexible file-based key management, so that each file can be (and usually is) encrypted with its own key
  • individual management of encrypted files, e.g. incremental backups can copy only the files that changed, still in encrypted form, rather than the entire encrypted volume
  • access control can be enforced through the use of public-key cryptography, and
  • cryptographic keys need only be held in memory while the file they decrypt is open.

General-purpose file systems with encryption

Unlike cryptographic file systems or full disk encryption, general-purpose file systems that include filesystem-level encryption do not typically encrypt file system metadata, such as the directory structure, file names, file sizes or modification timestamps. This can be problematic if the metadata itself needs to be kept confidential. In other words, if files are stored under identifying file names, anyone who has access to the physical disk can learn which documents are stored on it, although not their contents.

One exception to this is the encryption support being added to the ZFS filesystem. Filesystem metadata such as file names, ownership, ACLs and extended attributes is stored encrypted on disk. The ZFS metadata about the storage pool is still stored in the clear, so it is possible to determine how many filesystems (datasets) the pool contains and even which of them are encrypted, but not the contents of the stored files or directories.
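The following is an added example, not code from the original article or from any of the file systems it mentions. It models both points above in a few dozen lines: the per-file key management and incremental-backup advantages listed earlier (each file gets its own key, wrapped under a master key and stored beside it; plaintext keys exist in memory only while a file is open; a backup tool can detect changed files by hashing ciphertext alone), and the metadata leak of a general-purpose encrypted file system (file names and plaintext lengths are readable from the raw directory with no key at all). The cipher is a stand-in built from HMAC-SHA256 in counter mode so the example runs on the Python standard library; a real implementation would use AES-GCM or similar. The `EncryptedDir` class, the `.key` sidecar convention and the sample file contents are all constructed for this illustration.

```python
import hashlib
import hmac
import os
import secrets
import tempfile

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption and MAC keys derived from one file key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode. Stand-in for AES-GCM so the
    # example needs no third-party library; not for production use.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or tampered file")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class EncryptedDir:
    """Hypothetical directory where every file has its own key, wrapped under a master key.
    Unwrapped file keys live in `open_keys` only between open and close."""

    def __init__(self, root: str, master_key: bytes):
        self.root, self.master_key = root, master_key
        self.open_keys: dict[str, bytes] = {}
        os.makedirs(root, exist_ok=True)

    def _path(self, name: str) -> str:
        return os.path.join(self.root, name)

    def write(self, name: str, data: bytes) -> None:
        file_key = secrets.token_bytes(32)            # fresh key for this file
        self.open_keys[name] = file_key
        try:
            with open(self._path(name + ".key"), "wb") as f:
                f.write(seal(self.master_key, file_key))  # wrapped key stored beside the file
            with open(self._path(name), "wb") as f:
                f.write(seal(file_key, data))             # file name itself stays in the clear
        finally:
            self.open_keys.pop(name, None)            # key leaves memory on close

    def read(self, name: str) -> bytes:
        with open(self._path(name + ".key"), "rb") as f:
            file_key = unseal(self.master_key, f.read())   # fails closed on a wrong master key
        self.open_keys[name] = file_key
        try:
            with open(self._path(name), "rb") as f:
                return unseal(file_key, f.read())
        finally:
            self.open_keys.pop(name, None)


def visible_metadata(root: str) -> dict[str, int]:
    """What someone holding the raw disk learns with no key: each file name and its
    plaintext length (ciphertext size minus the fixed nonce/tag overhead)."""
    return {n: os.path.getsize(os.path.join(root, n)) - NONCE_LEN - TAG_LEN
            for n in sorted(os.listdir(root)) if not n.endswith(".key")}


def snapshot(root: str) -> dict[str, str]:
    """Hash of every ciphertext file, as an incremental backup tool would record it."""
    out = {}
    for n in sorted(os.listdir(root)):
        with open(os.path.join(root, n), "rb") as f:
            out[n] = hashlib.sha256(f.read()).hexdigest()
    return out


def changed_since(before: dict[str, str], after: dict[str, str]) -> list[str]:
    """Files whose ciphertext changed: only these need copying, still encrypted."""
    return sorted(n for n in after if before.get(n) != after[n])


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        enc = EncryptedDir(tmp, secrets.token_bytes(32))
        enc.write("salary-2011.txt", b"alice: 1000\nbob: 2000\n")   # constructed sample data
        enc.write("notes.txt", b"nothing to see here")
        first = snapshot(tmp)
        enc.write("notes.txt", b"edited after the first backup")   # rewrite one file
        wrong_key_rejected = False
        try:
            EncryptedDir(tmp, secrets.token_bytes(32)).read("notes.txt")
        except ValueError:
            wrong_key_rejected = True
        return {
            "roundtrip": enc.read("salary-2011.txt"),
            "changed": changed_since(first, snapshot(tmp)),
            "leaked": visible_metadata(tmp),
            "keys_in_memory_after_close": len(enc.open_keys),
            "wrong_key_rejected": wrong_key_rejected,
        }
```

Running `demo()` shows the trade-off in one place: only `notes.txt` and its wrapped key need to go into the second backup, and the wrong master key is rejected before any data is touched, but `visible_metadata` still lists `salary-2011.txt` together with its exact plaintext length, which is precisely what a ZFS-style design that also encrypts names and attributes is meant to hide.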


See also