> I am hoping someone can give me advice on file encryption. I would like > to encrypt a file and store it on my filesystem. I would like to encrypt > the file so that my data is not readable by someone who gains root > access or physical access to my computer. I do not intend to share the > data with anyone else so a public/private key system is optional. > > I did some Googling and some reading of man pages and I have come up > with 3 options thus far: > > 1. bdes(1) > > 2. gpg -c (/usr/ports/security/gnupg) > > 3. gpg (/usr/ports/security/gnupg) with a public/private key pair for me > plus a passphrase
4. gbde (on FreeBSD >= 5.X) encrypts a whole filesystem. It is much easier to use than utilities that encrypt single files. 5. bdes/idea/gpg/... on top of gbde (storing an encrypted file on an encrypted filesystem). IMHO, it's not really the encryption algorithm that is the weak link, but: a. tempfiles (or shreds of temp files) that are not physically overwritten (including swap memory), b. poor passphrases (too short or not random enough) c. human error. Many programs write to temporary files (including buffers), before writing the final versions out to disk. If you use encrypted filesystems (like gbde) everywhere a tempfile is likely to be dropped (don't forget [/var]/tmp and swap), your data would be much safer. -- Cordula's Web. http://www.cordula.ws/ _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"