Greetings, well, I'm looking for a way to encrypt my files, filesystem - surprised, ain't yeh? ;-) But I'm getting a little bit confused by the offer. Due to google a found a lot of ways to perform this task - GnuPG - aes-pipe - aes-loop - standard linux crypto loopback device - Encryption using the device mapper - ppdd loop device - (.. some I have not found yet, but afaik there was an approach patching nfs or something like that) I hope nobody blame me for being a little bit confused right know ;-) Due to google, I found how to set up every single utility, but I haven't found any site comparing theses approaches, analysing 'em (from a scientific point of view) and give some advice for newbies. I've been using gpg for mail and backup encryption for years, It tend to be very useful, and because of using userland programs only, it is very portable and ideal for backups or mails I may want to decrypt on othersystems. I used it from a very naive point of view not thinking of security in detail, (like multiple keys for block-device encryption). Now the situation has changed. I purchased a laptop and want to encrypt my home for security reasons. (I don't want a thief or a competitor be able to read it). So I need I very secure filesystem encryption and aes-loop, ppdd and device-mapper encryption draw my attention. Due to requiring modules / kernelcode and a patched util-linux it seem to be impossible to use more than one at the same time. (Without rebooting the system) On the other hand I want to use some mountable encryption for portable storage devices as well. For instance I have a USB-Stick /DVD-RAM /-RW with some enclosed data I want to access on different systems. (All systems are considered to be trusted). The data should be able to be accessed form userland as well as kernelland based tools. I want to be able to mount it on some systems - on other systems userland access is necessary because I cannot use the kernel I want. Being able to gain access to my data with OpenBSD, Solaris or MacOS would also be nice. On the one hand, aes-pipe seems to be a perfect approach for this task, but on the other hand, I don't know which features of loop-aes (like multiple keys) are implemented in aes-pipe, too. So, can you show me a way out of this jungle? Keep smiling yanosz - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
