Date: Fri, 6 Dec 2013 09:47:59 -0500
From: Bruce Momjian
To: Adam Vande More
Cc: Peter Eisentraut, pgsql-docs@postgresql.org
Subject: Re: Data Partition Encryption documentation

On Mon, Dec 2, 2013 at 04:15:00PM -0500, Bruce Momjian wrote:
> > pseudo diff
> >
> > -"On Linux, encryption can be layered on top of a file system using a "loopback
> > device". This allows an entire file system partition to be encrypted on disk,
> > and decrypted by the operating system. On FreeBSD, the equivalent facility is
> > called GEOM Based Disk Encryption (gbde), and many other operating systems
> > support this functionality, including Windows."
> >
> > +"There are at least two methods of encrypting a file system. The first is to
> > use a tool which implements an encrypted file system. On Linux, eCryptfs or
> > EncFS are commonly used for this while FreeBSD uses PEFS. The other and
> > perhaps more common method is to encrypt the block device a file system or swap
> > partition resides on. These types of solutions can also provide full disk
> > encryption. Linux generally uses dm-crypt + LUKS for this functionality with
> > other options dependent on kernel version/distro. On FreeBSD, there are two
> > GEOM modules to encrypt block devices: geli & gbde with geli being the
> > preferred solution for speed, security, and options. Many other operating
> > system have their own method of block device or full disk encryption."
>
> I have developed the attached doc patch to improve our details around
> storage encryption.

Patch applied.

--
  Bruce Momjian        http://momjian.us
  EnterpriseDB         http://enterprisedb.com

  + Everyone has their own god. +
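Review bot: The closing sentence of the added paragraph in the pseudo diff, "Many other operating system have their own method", has a number mismatch and should read "Many other operating systems have their own methods". The added text also no longer names Windows, which the removed paragraph did; if that coverage is still intended, mention it in the same closing sentence. In "geli & gbde with geli being the preferred solution", spell out "and" and set off the clause with a comma so it reads as documentation prose.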