I was thinking that GELI could encrypt a ZFS dataset which contains subdirectories in which each file is stored.
I’m still in the early days of putting the idea together, since it needs to be a fork, so there’s probably stuff to be worked out.

> On 20 Nov 2017, at 20.22, Niels Kobschaetzki <[email protected]> wrote:
>
> Isn’t GELI a GEOM-class? And those are for GEOMs, how are single files like
> pass uses them GEOMs? Do you want to create a zfs set for each password and
> then put GELI on top of that to encrypt it?
>
> Niels
>
> On 20. Nov 2017, at 19:58, Daniel Jensen <[email protected]> wrote:
>
>> So it’s probably better to fork pass into zpass or something similar, since
>> it’ll be exclusively for ZFS datasets and can optionally use GELI instead of
>> GPG.
>>
>> Will give it some thought, but perhaps it wasn’t really a good idea for a
>> feature request after all.
>>
>> For reference, here are some links that should work:
>> https://man.freebsd.org/geli(8)
>> https://man.freebsd.org/ggatel(8)
>>
>>> On 20 Nov 2017, at 19.51, Kenny Evitt <[email protected]> wrote:
>>>
>>> (Don't forget to 'reply all' to keep the thread on the list.)
>>>
>>> Those links don't work for me. But I was able to get at least a sense of
>>> what `geli` and `ggatel` are based on some cursory review of Google search
>>> results for those terms. Basically, FreeBSD can encrypt arbitrary
>>> filesystems.
>>>
>>> I can't think of what support Pass could have that would be relevant to
>>> these features. What specifically do you want to do with Pass and these
>>> features that you can't currently?
>>>
>>> First, being only available on FreeBSD seems pretty limiting. Why would
>>> Pass add features only available on one platform?
>>>
>>> Second, why would you want to combine those features with Pass? Or are you
>>> requesting that Pass be modified to (optionally?) make use of the FreeBSD
>>> filesystem encryption features *instead* of using GPG (and any other
>>> extensions available)?
>>>
>>> I don't speak for the author and maintainer, but I'd guess this would make
>>> more sense as a Pass-like or Pass-inspired project.
>>>
>>> Pass repos are just directories with GPG-encrypted files. (There's some
>>> conventions about what keys should be used to encrypt which files based on
>>> *.gpg-id* files in the root directory or sub-directories.) They can also be
>>> a Git repo for tracking changes. But besides that they're (perfectly?)
>>> independent of any specific filesystem. Would adding support for the
>>> FreeBSD GEOM features change that?
>>>
>>> On Mon, Nov 20, 2017 at 8:15 AM, Daniel Jensen <[email protected]> wrote:
>>> Well, it’s a feature that’ll pretty much only work on FreeBSD since it
>>> requires GEOM.
>>>
>>> GEOM ELI (https://man.freebsd.org/geli(8)) and GGATEL
>>> (https://man.freebsd.org/ggatel(8)) can be used to mount a disk image as a
>>> directory, which is where pass stores its data structure.
>>>
>>>> On 20 Nov 2017, at 14.09, Kenny Evitt <[email protected]> wrote:
>>>>
>>>> I'm using ZFS on some servers, but not with Pass. What kind of features
>>>> would you want to add to Pass related to ZFS or ZFS datasets?
>>>>
>>>> What's GELI?
>>>>
>>>> Depending on what it is exactly that you want, it could probably be
>>>> implemented as a Pass extension. I'm pretty skeptical that these features,
>>>> whatever they are, would be sensibly added to Pass itself.
>>>>
>>>> On Sun, Nov 19, 2017 at 12:22 PM D. Ebdrup <[email protected]> wrote:
>>>> ZFS datasets and GELI are really powerful things and would be a great
>>>> addition to password-store, so I’m wondering if it’s possible to
>>>> implement this.
>>>>
>>>> Alternatively, if it’s something I can figure out to do, or find someone
>>>> with the skill to add it, is it a feature that would be accepted?
>>>>
>>>> _______________________________________________
>>>> Password-Store mailing list
>>>> [email protected]
>>>> https://lists.zx2c4.com/mailman/listinfo/password-store
