[Nepomuk] Indexing encrypted filesystems
Volker Krause
vkrause at kde.org
Fri Mar 23 07:52:02 UTC 2012
On Thursday 22 March 2012 20:53:57 Ivan Čukić wrote:
> > then why dont you just encrypt everything? What would be wrong with that?
>
> In order for nepomuk and plasma active to work, the encrypted stuff
> would need to be mounted on boot
> - not everything is private, no need to encrypt everything
> - no way to enter the password on a touch device before x starts,
> leading to a lot of complications
> - if it is mounted on boot, all data is accessible to all programs
> that are running and all users of the device (not covering all the
> use-cases PA wants to cover, including a theft of an already running
> device)
>
> Encrypted folders are mounted *only* when the user is in a private
> activity, and is encrypted using the password that is
> activity-specific.
That sounds exactly like what we wanted achieve in KDE PIM back then as well.
We had one crypto container for each of your private keys, so the index
database was encrypted in exactly the same way as the original content, which
means you can only access the indexed information when you are also able
access the original content too (ie. your corresponding private key has been
unlocked by password/smartcard/etc). IMHO it's a sound concept from the
security and privacy POV.
If we actually find a way to solve this problem, I'd be very interested in
reviving the encrypted email indexing code :)
regards,
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/nepomuk/attachments/20120323/f4b1a333/attachment.sig>
More information about the Nepomuk
mailing list