Robert P. J. Day worte: <snip> : is there a guide somewhere to *all* of the solutions for encrypted : filesystems under fedora? i haven't set one up for quite some time, : but i'd like to know what my options are. for example, AIUI, there is : also the ecryptfs technique which is different from the above, yes? : : how does it differ? is one technologically superior to the other? : can this encryption be done in place on an unencrypted filesystem? : and can anyone stop the new england patriots juggernaut? so many : questions ... : Though not a full answer to your question, this link: <http://ecryptfs.sourceforge.net/ecryptfs-faq.html#novelty> gives a nice comparison of the two major flavours of filesytem encrption. Run down to: Q: How does eCryptfs compare with other Linux disk encryption solutions? on the above link. For me, the main advantage of "Stacked Filesystem Encryption" (e.g. eCryptfs) over the block-based methods is its selectivity. You can encrypt any subset of a filesystem and leave less sensitive stuff in the clear, whereas the block-based methods require the whole FS, including meta-data to be encrypted. The latter has both advantages and disadvantages. One disadvantage is that every single byte must be en/decrypted, which affects performance. One advantage is that the metadata of the filesystem is encrypted so stuff like the filenames themselves are not in the clear. In certain cases, one's filenames, themselves, contain sensitive info. (E.g., plans_for_making_a_portable_thermonuclear_device.txt :-) I used eCryptfs on a few sensitive directories of my system while travelling through certain countries last summer. It was very easy to setup and use after I read the well-written docs. Once the encryption layer is mounted, access is entirely transparent. Regarding the OP's original question, I don't see any reason why it would not work in an LVM environment, but I have not actually tried it. Dean
