> > Is there any chance that we can come up with something that doesn't
> > require something that's block-level and requires repartitioning? The
> > migration path pretty much sucks if we don't try for something else.
>
> I think Jeremy's point about using block level encryption on real disks
> for anything but removable / hotpluggable devices makes sense. I also
> don't think we want to encrypt the entire home directory, that would
> suck for e.g. compiles of software

I'm somewhat surprised nobody has mentioned encfs yet.

http://arg0.net/wiki/encfs

I store many things in encfs filesystems as it's rather transparent and
very easy to set up and use. I imagine with very little effort support
could be built into nautilus. It's already in extras as fuse-encfs.

The basics are that I have one directory named ~/.encfs, which has all
the encrypted bits. I then "mount" the .encfs directory into ~/encfs,
where I can see things as normal files (these are arbitrary names chosen
by me, any name can be used).

Here's a directory listing of ~/.encfs:

    % ls ~/.encfs
    1k2A8hy,ELen4,JmfcH-51JG  R8Xs0R097CPJJoc1bG2ZzXqX  y6bOnGgyYiXmKAPav7giQaS,
    hxc7gEQKqRa,G1            TMej1GDE,weeNiUM0XYeC6Wv

Everything in that directory is utter nonsense, but the magic part is, I
can rsync my encrypted directory without ill effect. This lets me back up
my encrypted information without needing the key (something lacking from
many encrypted filesystems).

--
JB