Encrypting Files on Disk
You can keep a file secure by making the file inaccessible to other users. For
example, a file with permissions of 600
cannot be read except by
its owner and by the root
account. A directory with permissions
of 700
is similarly inaccessible. However, someone who guesses
your password or who discovers the root
password can access that
file. Also, the otherwise inaccessible file is preserved on a backup tape every time
that the system files are backed up to offline media. For additional protection, you
can use on-disk encryption or use Cryptographic Framework commands.
For more information about ZFS file systems, see Encrypting ZFS File Systems in Managing ZFS File Systems in Oracle Solaris 11.4.
The Cryptographic Framework provides digest
, mac
, and encrypt
commands. Regular users can use these commands to protect files and directories. For more information, see Chapter 1, About Cryptographic Providers in Oracle Solaris in Managing Encryption and Certificates in Oracle Solaris 11.4.