public inbox for [email protected]  
Data Partition Encryption documentation
5+ messages / 3 participants

* Data Partition Encryption documentation
@ 2013-04-18 20:16 Adam Vande More <[email protected]>
  2013-06-20 02:20 ` Re: Data Partition Encryption documentation Peter Eisentraut <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Adam Vande More @ 2013-04-18 20:16 UTC (permalink / raw)
  To: pgsql-docs

On this page http://www.postgresql.org/docs/9.2/static/encryption-options.html,
"gbde" is listed as the method for encrypting block devices.  While
correct, "geli" is a much more appropriate mention as it's a more
powerful (e.g. aes-ni support) and secure (more ciphers, data
authentication, etc.) solution.

Please CC any replies as I'm not subscribed to the list.

--
Adam Vande More


-- 
Sent via pgsql-docs mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-docs




* Re: Data Partition Encryption documentation
  2013-04-18 20:16 Data Partition Encryption documentation Adam Vande More <[email protected]>
@ 2013-06-20 02:20 ` Peter Eisentraut <[email protected]>
  2013-06-20 02:45   ` Re: Data Partition Encryption documentation Adam Vande More <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Peter Eisentraut @ 2013-06-20 02:20 UTC (permalink / raw)
  To: Adam Vande More <[email protected]>; +Cc: pgsql-docs

On Thu, 2013-04-18 at 15:16 -0500, Adam Vande More wrote:
> On this page http://www.postgresql.org/docs/9.2/static/encryption-options.html,
> "gbde" is listed as the method for encrypting block devices.  While
> correct, "geli" is a much more appropriate mention as it's a more
> powerful (e.g. aes-ni support) and secure (more ciphers, data
> authentication, etc.) solution.

Could you provide an updated wording?  (E.g., should we just replace
gbde by geli, or list both?)







* Re: Data Partition Encryption documentation
  2013-04-18 20:16 Data Partition Encryption documentation Adam Vande More <[email protected]>
  2013-06-20 02:20 ` Re: Data Partition Encryption documentation Peter Eisentraut <[email protected]>
@ 2013-06-20 02:45   ` Adam Vande More <[email protected]>
  2013-12-02 21:15     ` Re: Data Partition Encryption documentation Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Adam Vande More @ 2013-06-20 02:45 UTC (permalink / raw)
  To: Peter Eisentraut <[email protected]>; +Cc: pgsql-docs

On Wed, Jun 19, 2013 at 9:20 PM, Peter Eisentraut <[email protected]> wrote:

> On Thu, 2013-04-18 at 15:16 -0500, Adam Vande More wrote:
> > On this page http://www.postgresql.org/docs/9.2/static/encryption-options.html,
> > "gbde" is listed as the method for encrypting block devices.  While
> > correct, "geli" is a much more appropriate mention as it's a more
> > powerful (e.g. aes-ni support) and secure (more ciphers, data
> > authentication, etc.) solution.
>
> Could you provide an updated wording?  (E.g., should we just replace
> gbde by geli, or list both?)
>
>
Sure, here is a change that encompasses more than my original observation.
Take or leave or modify what you wish.


pseudo diff

-"On Linux, encryption can be layered on top of a file system using a "loopback
device". This allows an entire file system partition to be encrypted on
disk, and decrypted by the operating system. On FreeBSD, the equivalent
facility is called GEOM Based Disk Encryption (gbde), and many other
operating systems support this functionality, including Windows."

+"There are at least two methods of encrypting a file system.  The first is
to use a tool which implements an encrypted file system.  On Linux,
eCryptfs or EncFS
are commonly used for this while FreeBSD uses PEFS.  The other and perhaps
more common method is to encrypt the block device a file system or swap
partition resides on.  These types of solutions can also provide full disk
encryption.  Linux generally uses dm-crypt + LUKS for this functionality
with other options dependent on kernel version/distro.  On FreeBSD, there
are two GEOM modules to encrypt block devices: geli & gbde with geli being
the preferred solution for speed, security, and options.  Many other
operating system have their own method of block device or full disk
encryption."
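
Review bot: The last sentence of the "+" paragraph reads "Many other operating system have their own method"; it should be "operating systems have their own methods". That sentence also drops the explicit mention of Windows that the "-" text carried, so keep "including Windows" if that pointer is still wanted. The clause "geli being the preferred solution for speed, security, and options" states a recommendation without saying what it rests on; the specifics from the first message in this thread (aes-ni support, more ciphers, data authentication) would make it checkable.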

-- 
Adam Vande More



* Re: Data Partition Encryption documentation
  2013-04-18 20:16 Data Partition Encryption documentation Adam Vande More <[email protected]>
  2013-06-20 02:20 ` Re: Data Partition Encryption documentation Peter Eisentraut <[email protected]>
  2013-06-20 02:45   ` Re: Data Partition Encryption documentation Adam Vande More <[email protected]>
@ 2013-12-02 21:15     ` Bruce Momjian <[email protected]>
  2013-12-06 14:47       ` Re: Data Partition Encryption documentation Bruce Momjian <[email protected]>
  0 siblings, 1 reply; 5+ messages in thread

From: Bruce Momjian @ 2013-12-02 21:15 UTC (permalink / raw)
  To: Adam Vande More <[email protected]>; +Cc: Peter Eisentraut <[email protected]>; pgsql-docs

On Wed, Jun 19, 2013 at 09:45:34PM -0500, Adam Vande More wrote:
> On Wed, Jun 19, 2013 at 9:20 PM, Peter Eisentraut <[email protected]> wrote:
> 
>     On Thu, 2013-04-18 at 15:16 -0500, Adam Vande More wrote:
>     > On this page http://www.postgresql.org/docs/9.2/static/encryption-options.html,
>     > "gbde" is listed as the method for encrypting block devices.  While
>     > correct, "geli" is a much more appropriate mention as it's a more
>     > powerful (e.g. aes-ni support) and secure (more ciphers, data
>     > authentication, etc.) solution.
> 
>     Could you provide an updated wording?  (E.g., should we just replace
>     gbde by geli, or list both?)
> 
> 
> 
> Sure, here is a change that encompasses more than my original observation.  
> Take or leave or modify what you wish.
> 
> 
> pseudo diff
> 
> -"On Linux, encryption can be layered on top of a file system using a "loopback
> device". This allows an entire file system partition to be encrypted on disk,
> and decrypted by the operating system. On FreeBSD, the equivalent facility is
> called GEOM Based Disk Encryption (gbde), and many other operating systems
> support this functionality, including Windows."
> 
> +"There are at least two methods of encrypting a file system.  The first is to
> use a tool which implements an encrypted file system.  On Linux, eCryptfs or 
> EncFS are commonly used for this while FreeBSD uses PEFS.  The other and
> perhaps more common method is to encrypt the block device a file system or swap
> partition resides on.  These types of solutions can also provide full disk
> encryption.  Linux generally uses dm-crypt + LUKS for this functionality with
> other options dependent on kernel version/distro.  On FreeBSD, there are two
> GEOM modules to encrypt block devices: geli & gbde with geli being the
> preferred solution for speed, security, and options.  Many other operating
> system have their own method of block device or full disk encryption."

I have developed the attached doc patch to improve our details around
storage encryption.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +




Attachments:

  [text/x-diff] crypt.diff (1.2K, 2-crypt.diff)
  download | inline diff:
diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml
new file mode 100644
index ab51782..99c891a
*** a/doc/src/sgml/runtime.sgml
--- b/doc/src/sgml/runtime.sgml
*************** pg_dumpall -p 5432 | psql -d postgres -p
*** 1815,1826 ****
  
     <listitem>
      <para>
!      On Linux, encryption can be layered on top of a file system
!      using a <quote>loopback device</quote>. This allows an entire
!      file system partition to be encrypted on disk, and decrypted by the
!      operating system. On FreeBSD, the equivalent facility is called
!      GEOM Based Disk Encryption (<acronym>gbde</acronym>), and many
!      other operating systems support this functionality, including Windows.
      </para>
  
      <para>
--- 1815,1826 ----
  
     <listitem>
      <para>
!      Storage encryption can be performed at the file system level or the
!      block level.  Linux file system encryption options include eCryptfs
!      and EncFS, while FreeBSD uses PEFS.  Block level or full disk
!      encryption options include dm-crypt + LUKS on Linux and GEOM
!      modules geli and gbde on FreeBSD.  Many other operating systems
!      support this functionality, including Windows.
      </para>
  
      <para>
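
Review bot: In the replacement paragraph, the closing sentence "Many other operating systems support this functionality, including Windows" no longer has a clear antecedent, because the text before it now describes two distinct approaches (file system level and block level); say which one is meant, or reword it to cover both. The new text also drops the <acronym> markup that the old paragraph applied to gbde and introduces eCryptfs, EncFS, PEFS, dm-crypt, LUKS, geli and gbde as bare words, so the markup should be applied consistently across the tool names. Finally, geli and gbde are listed with equal weight, although the report that started this thread argued geli is the more appropriate mention; if leaving out that preference is deliberate, it is worth saying so in the commit message.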



* Re: Data Partition Encryption documentation
  2013-04-18 20:16 Data Partition Encryption documentation Adam Vande More <[email protected]>
  2013-06-20 02:20 ` Re: Data Partition Encryption documentation Peter Eisentraut <[email protected]>
  2013-06-20 02:45   ` Re: Data Partition Encryption documentation Adam Vande More <[email protected]>
  2013-12-02 21:15     ` Re: Data Partition Encryption documentation Bruce Momjian <[email protected]>
@ 2013-12-06 14:47       ` Bruce Momjian <[email protected]>
  0 siblings, 0 replies; 5+ messages in thread

From: Bruce Momjian @ 2013-12-06 14:47 UTC (permalink / raw)
  To: Adam Vande More <[email protected]>; +Cc: Peter Eisentraut <[email protected]>; pgsql-docs

On Mon, Dec  2, 2013 at 04:15:00PM -0500, Bruce Momjian wrote:
> > pseudo diff
> > 
> > -"On Linux, encryption can be layered on top of a file system using a "loopback
> > device". This allows an entire file system partition to be encrypted on disk,
> > and decrypted by the operating system. On FreeBSD, the equivalent facility is
> > called GEOM Based Disk Encryption (gbde), and many other operating systems
> > support this functionality, including Windows."
> > 
> > +"There are at least two methods of encrypting a file system.  The first is to
> > use a tool which implements an encrypted file system.  On Linux, eCryptfs or 
> > EncFS are commonly used for this while FreeBSD uses PEFS.  The other and
> > perhaps more common method is to encrypt the block device a file system or swap
> > partition resides on.  These types of solutions can also provide full disk
> > encryption.  Linux generally uses dm-crypt + LUKS for this functionality with
> > other options dependent on kernel version/distro.  On FreeBSD, there are two
> > GEOM modules to encrypt block devices: geli & gbde with geli being the
> > preferred solution for speed, security, and options.  Many other operating
> > system have their own method of block device or full disk encryption."
> 
> I have developed the attached doc patch to improve our details around
> storage encryption.

Patch applied.

-- 
  Bruce Momjian  <[email protected]>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +





