[Nepomuk] Indexing encrypted filesystems
Martin Steigerwald
Martin at lichtvoll.de
Sat Mar 24 11:03:04 UTC 2012
Am Mittwoch, 21. März 2012 schrieb Ivan Čukić:
[… store the meta-data in some encrypted form …]
> > How can we do that? Encrypt the entire virtuoso repository?
>
> No, that wouldn't have any effect - because it would need to be
> (virtually) decrypted while nepomuk is running, and everything could
> get the data. I don't care about this part at the moment. (aka,
> *later*)
I already use Nepomuk to index an ecryptfs, formerly encfs - ecryptfs is
just so much faster. But its the whole home directory.
Works just well.
And about the need to be decrypted while running - thats the same with
ecryptfs, encfs or dm-crypt + LUKS as well - when its running, decryption
is setup and working. I see no way around this.
What could be done is some access restrictions like KWallet does.
So for what I gather, what you plan to work on is the case, when its not
the complete home directory that is encrypted, but another directory,
maybe a sub directory of it.
How about some support of several Virtuoso databases? And then just store
the one containing the index of that encrypted directory in the encrypted
directory? Then its only decrypted when the data in the directory itself
is decrypted which does not sound like a big deal to me.
I don´t know whether having mutiple virtuoso databases is something thats
feasible at all tough.
Ciao,
--
Martin 'Helios' Steigerwald - http://www.Lichtvoll.de
GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7
More information about the Nepomuk
mailing list