[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[newbie] overviewing the chaos

To: linux-crypto@xxxxxxxxxxxx
Subject: [newbie] overviewing the chaos
From: Jan Lühr <jluehr@xxxxxxx>
Date: Tue, 26 Oct 2004 12:55:28 +0200
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: KMail/1.6.2

Greetings,

well, I'm looking for a way to encrypt my files, filesystem - surprised, ain't 
yeh?  ;-) But I'm getting a little bit confused by the offer.
Due to google a found a lot of ways to perform this task

- GnuPG
- aes-pipe
- aes-loop
- standard linux crypto loopback device
- Encryption using the device mapper
- ppdd loop device
- (.. some I have not found yet, but afaik there was an approach patching nfs 
or something like that)

I hope nobody blame me for being a little bit confused right know ;-)
Due to google, I found how to set up every single utility, but I haven't found 
any site comparing theses approaches, analysing 'em (from a scientific point 
of view) and give some advice for newbies.

I've been  using gpg for mail and backup encryption for years, It tend to be 
very useful, and because of using userland programs only, it is very portable 
and ideal for backups or mails I may want to decrypt on othersystems.
I used it from a very naive point of view not thinking of security in detail, 
(like multiple keys for block-device encryption).

Now the situation has changed. I purchased a laptop and want to encrypt my 
home for security reasons. (I don't want a thief or a competitor be able to 
read it). So I need I very secure filesystem encryption and aes-loop, ppdd 
and device-mapper encryption draw my attention. Due to requiring  modules / 
kernelcode and a patched util-linux it seem to be impossible to use more than 
one at the same time. (Without rebooting the system)
On the other hand I want to use some mountable encryption for portable storage 
devices as well. For instance I have a USB-Stick /DVD-RAM /-RW with some 
enclosed data I want to access on different systems.  (All systems are 
considered to be trusted).  The data should be able to be accessed form 
userland as well as kernelland based tools. I want to be able to mount it on 
some systems - on other systems userland access is necessary because I cannot 
use the kernel I want. Being able to gain access to my data with OpenBSD, 
Solaris or MacOS would also be nice. 
On the one hand, aes-pipe seems to be a perfect approach for this task, but on 
the other hand, I don't know which features of  loop-aes (like multiple keys) 
are implemented in aes-pipe, too.
So, can you show me a way out of this jungle?

Keep smiling
yanosz

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: [newbie] overviewing the chaos
  - From: markus reichelt
- Re: [newbie] overviewing the chaos
  - From: Jari Ruusu

Prev by Date: Re: Announce loop-AES-v2.2c file/swap crypto package
Next by Date: Re: [newbie] overviewing the chaos
Previous by thread: Re: Announce loop-AES-v2.2c file/swap crypto package
Next by thread: Re: [newbie] overviewing the chaos
Index(es):
- Date
- Thread