Thanks Till,
I like your ref [2]. I'll try something like that. It can be
equivalent on the user side and privacy side to what I do on solaris
with encrypted zfs, just a bit heavier. But the advantage is that the
backups are encrypted too.
Best regards
Marc
Le 20/11/17 09:36, Till Wegmüller a écrit :
You can use Lofi dev to encrypt the device below the filesystem Layer.
[1] [2] [3]
You can use a container Solution I.e A ZFS Volume that is encrypted with
lofidev and then has an UFS Partition inside. Somewhat like [2] but with
UFS rather than ZFS inside the Volume.
Or you could help review the Encryption code for upstreaming. It is
already written but in Process of upstreaming. I think it's [4] but you
will have to search from there further.
[1] https://blogs.oracle.com/darren/encrypting-zfs-pools-using-lofi-crypto
[2]
https://constantin.glez.de/2012/02/27/introducing-sparse-encrypted-zfs-pools/
[3] https://napp-it.org/extensions/encryption.html
[4] https://github.com/openzfs/openzfs/pull/124
---
Greetings
Till
On 20.11.2017 10:51, Marc Lobelle wrote:
On 20/11/17 09:06, Peter Tribble wrote:
On Mon, Nov 20, 2017 at 9:02 AM, Marc Lobelle<[email protected]>
wrote:
Hello,
I am trying to recompile a program called srm (available on
sourceforge )
for openindiana. It works as rm but makes sure that there is no trace of
the destroyed file in the blocks of the free list.
This program uses #if defined (__linux__) and #if defined (__OpenBSD__)
and I should replace this code with something appropriate for
openindiana.
__linux__ etc are predifines preprocessor macros, presented in
https://sourceforge.net/p/predef/wiki/OperatingSystems/
However, I do not see openindiana in there, so what should I use ?
Note that if you're using ZFS (which is the default file system on
OpenIndiana) then
the overwriting which srm does will have no effect - the copy-on-write
mechanism
that ZFS uses for data integrity ensures that the "overwrite" will go
to a
different,
unused, part of the device. Therefore, srm won't do any good.
Hum, this means that bcrypt will not erase the original file after
encrypying it either and the file must be decrypted to be used. How can
I make sure that its contents cannot be recovered on zfs then ? (apart
from writing the zfs encryption code that is missing in illumos zfs ; it
will have to be done eventually but I'm looking for an interim solution).
Thanks
Marc
_______________________________________________
openindiana-discuss mailing list
[email protected]
https://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
openindiana-discuss mailing list
[email protected]
https://openindiana.org/mailman/listinfo/openindiana-discuss
_______________________________________________
openindiana-discuss mailing list
[email protected]
https://openindiana.org/mailman/listinfo/openindiana-discuss
