Encryption on Unix

[f1sh3r]

im working on some stuff for school, and a question about Unix encryption has popped up. I've already read about crypt and mcrypt commands, but what other types of encryption are currently offered for Unix?

I've read about some various pages regarding user based file system encryption. Does anyone have any experience with this? Are files/folders recoverable in the event of a hardware issue like Windows' recovery agents? I'm more interested in this aspect, and any available programs or libraries that are reliable and trusted among IT pros.

tia,

 

[lousydood]

GNU PG -- public and symmetric key cryptography program
libssl

There's some encrypted filesystem stuff but that's kernel-based, not user. You could make a filesystem-in-a-file that is created by a user, I suppose.

crypt is solely for the use of one-way hashing passwords. And it sucks for that purpose too. Never use it for anything else.

 

[Nothinman]

Most of the low level encryption available for Linux (dm-crypt is what I use) uses passphrases instead of certificates so you don't need to worry about a recovery agent, any Linux box that supports dm-crypt can unlock the volume if you know the passphrase.

 

[kamper]

Originally posted by: lousydood
There's some encrypted filesystem stuff but that's kernel-based, not user. You could make a filesystem-in-a-file that is created by a user, I suppose.

I use encfs which is userspace. It has a 1-to-1 relationship of encrypted files/directories to real ones, so you can see the directory structure, but the filenames are encrypted so you can't tell what they are. It's nice in that you don't have to worry about filesystem resizing and corruption will only kill you one file at a time instead of losing a whole partition. It's linux only as far as I know although I'm sure it can be made to work with any kernel that can handle fuse.