On Wed, 2013-04-10 at 11:55 -0400, Hashem Nasarat wrote:
I think this would be a great feature. Currently, there's an all-or-nothing approach to encryption with GNU/Linux systems, and this feature would be a good compromise between difficulty and security.
My point is not to compromise. The aim is to achieve the same level of security, but without any barriers to the user experience. Allowing you to only unlock your machine when something private is accessed, rather than all the time.
Perhaps there could be even be a default folder in a user's home directory "Private Files" or something that is encrypted by default.
My problem with this, is that it requires a big folder of everything I want protected. Rather, I want to be able to protect stuff that's still organised in a sensible place. I've heard people creating symlinks into the private directory, but this causes issues with backups and transferring files. If I have an encrypted folder ~/Documents/secrets/, and I have a regular backup of my Documents folder, it will miss the encrypted documents in the case of symlinking to a private directory. Whereas, in my implementation, the encrypted contents are located at ~/Documents/.secrets-enc/ are thus will be backed up with the rest. You can imagine the same kind of issue if you want to copy the encrypted directory over. If you have a monolithic private folder, you must copy the entire private folder, instead of just the relevant folder. What I am proposing, is a much more modular approach to security. Does this make more sense? Thanks for your feedback, Sam Bull
Attachment:
signature.asc
Description: This is a digitally signed message part