[Nepomuk] Indexing encrypted filesystems

[Ivan Čukić]

This part of the discussion is a bit moot, it was discussed several
months ago, but lets summarize.

> ecryptfs, encfs or dm-crypt + LUKS as well - when its running, decryption
> is setup and working. I see no way around this.

Decrypting only the current activity, unmount on device lock.

> What could be done is some access restrictions like KWallet does.

Access restrictions are not security for direct device access.

> So for what I gather, what you plan to work on is the case, when its not
> the complete home directory that is encrypted, but another directory,
> maybe a sub directory of it.

All of that is already implemented. The only remaining part is nepomuk
integration with private activities.

> I don´t know whether having mutiple virtuoso databases is something thats
> feasible at all tough.

Not really since then you can't make cross queries.

> When you store filename and types of files thats IMHO already quite some
> information leak.

Yes, if we are not able to go around that, it will have to be
communicated to the users.

> Would it be possible to have encryption on single Virtuoso database
> entries?

This was one of the ideas we had. But we can't really count on
Virtuoso people to do it soonish - we need it now.

-- 
Cheerio,
Ivan

--
While you were hanging yourself on someone else's words
Dying to believe in what you heard
I was staring straight into the shining sun