| filesystem | memory | backing store |
|---|---|---|
| ecryptfs | kernel space | stacked |
| encfs | user space | stacked |
| dmcrypt | kernel space | block |
key:
- backing store:
- stacked: Stacked filesystems layer on top of existing mounted filesystems that are referred to as lower filesystems. An encrypted stacked filesystem then encrypts and decrypts the files as they are written to or read from the lower filesystem. They have the advantage that the size of the encrypted filesystem is flexible. They have the disadvantage that they must match the same fs type as the lower filesytem and when unencrypted the file sizes and modification times are available.
- block: data is stored in a big block or block device. good for full disk encryption. not easily expandable.
- memory:
- user space: user-space tools to mount the filesystem (FUSE).
- kernel space: support compiled into the kernel.
see also:
- encrypted swap: keep that memory secure!
