You can use Lofi dev to encrypt the device below the filesystem Layer. [1] [2] [3]
You can use a container Solution I.e A ZFS Volume that is encrypted with lofidev and then has an UFS Partition inside. Somewhat like [2] but with UFS rather than ZFS inside the Volume. Or you could help review the Encryption code for upstreaming. It is already written but in Process of upstreaming. I think it's [4] but you will have to search from there further. [1] https://blogs.oracle.com/darren/encrypting-zfs-pools-using-lofi-crypto [2] https://constantin.glez.de/2012/02/27/introducing-sparse-encrypted-zfs-pools/ [3] https://napp-it.org/extensions/encryption.html [4] https://github.com/openzfs/openzfs/pull/124 --- Greetings Till On 20.11.2017 10:51, Marc Lobelle wrote: > On 20/11/17 09:06, Peter Tribble wrote: >> On Mon, Nov 20, 2017 at 9:02 AM, Marc Lobelle<[email protected]> >> wrote: >> >>> Hello, >>> >>> I am trying to recompile a program called srm (available on >>> sourceforge ) >>> for openindiana. It works as rm but makes sure that there is no trace of >>> the destroyed file in the blocks of the free list. >>> This program uses #if defined (__linux__) and #if defined (__OpenBSD__) >>> and I should replace this code with something appropriate for >>> openindiana. >>> __linux__ etc are predifines preprocessor macros, presented in >>> >>> https://sourceforge.net/p/predef/wiki/OperatingSystems/ >>> >>> However, I do not see openindiana in there, so what should I use ? >>> >> Note that if you're using ZFS (which is the default file system on >> OpenIndiana) then >> the overwriting which srm does will have no effect - the copy-on-write >> mechanism >> that ZFS uses for data integrity ensures that the "overwrite" will go >> to a >> different, >> unused, part of the device. Therefore, srm won't do any good. > Hum, this means that bcrypt will not erase the original file after > encrypying it either and the file must be decrypted to be used. How can > I make sure that its contents cannot be recovered on zfs then ? (apart > from writing the zfs encryption code that is missing in illumos zfs ; it > will have to be done eventually but I'm looking for an interim solution). > > Thanks > > Marc >> > > > _______________________________________________ > openindiana-discuss mailing list > [email protected] > https://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ openindiana-discuss mailing list [email protected] https://openindiana.org/mailman/listinfo/openindiana-discuss
