<br><br><div class="gmail_quote">On Thu, Feb 4, 2010 at 9:08 AM, Ed Cashin <span dir="ltr"><<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
With encfs, I think the norm is for the files to be encrypted,<br>
and encfs gives you a decrypted filesystem "view" of those files.<br>
By "norm", I mean that if somebody boots your computer but<br>
can't run encfs with your password, they see the encrypted files.<br>
<br>
But I'd like the opposite: A filesystem that gives me an encrypted<br>
view of the files that are lying unencrypted on my Linux host or<br>
MacBook. That way I can rdiff-backup the encrypted view to an<br>
less trusted remote location, and I can continue to use my filesystem<br>
as it is (only sensitive files are encrypted) for normal use.<br>
<br></blockquote></div><br>I mainly use LUKS because at the time I started encrypting filesystems, it was there and it was stable. Too much of a pain to redo my encryption setup securely.<br><br>Anyway, take a look at duplicity (<a href="http://www.nongnu.org/duplicity/">http://www.nongnu.org/duplicity/</a>). It uses GPG to encrypt data as it transfers it, and it can transfer only deltas or full backups (via rdiff). I'm probably going to be using that for my backups.<br>
<br clear="all"><br>-- <br>David Tomaschik, RHCE<br>System Administrator/Developer<br><a href="http://tuxteam.com">http://tuxteam.com</a><br>GPG: 0x6D428695<br>