Hi All,
 
Existing file encryption tools, like dm-crypt, fscrypt and eCryptfs, provide encryption of files only until the file system is mounted (data at rest).
The moment it is mounted, every user of the computer can try to access the data.
I do not understand why a Linux kernel key belonging to only one user cannot be used at every read/write to decrypt data only for him?
 
Evidently I do not understand the reason why the mount of the user's home directory during login (Ubuntu's eCryptfs) does not use the user's session kernel key to allow only the holder of this key to encrypt/decrypt files?
 
 
Thx,
Lev
 
 
 
_______________________________________________
Kernelnewbies mailing list
https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
