We have to protect sensitive files and keep them available for use by a particular user for 7+ years.
We prefer self encrypted disk (SED), but it's been too difficult to get a straight answer regarding the do-ability of our application. We are currently using LUKS filesystems on several servers - so we know how good this is. We do not, however, know whether or not we can do what we want with it.
We understand how full disk encryption (FDE) normally works: once the drive is decrypted (via key/password, etc.) then the whole drive is visible to whoever has system access.
We do NOT want that.
Ideally, the drive will be unreadable to everybody. During a brief period of time when a new file is to be written to the drive and also a brief period of time when a particular file is to be read from disk, a specific user would "unlock" the drive for this specific task, after which the whole drive will be unreadable to everybody.
We would consider other scenarios; but it is essential that all of the contents of this disk are unreadable to everybody, except one particular user.
Furthermore, as a file server application serving enterprise critical files, redundancy is also a high priority. Currently, we run several SANs with RAID 6 and prefer similar redundancy for this application.
Almost all of our servers are Linux based and we prefer the same here.
We do a high volume of PGP/GPG file encryption for file transfer; but we prefer FDE for static files.
How can we accomplish this?
Please advise. Thank you.
~ helices
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt