Encrypting Files on Disk
You can keep a file secure by making the file inaccessible to other users. For example, a file with permissions of 600 cannot be read except by its owner and by the root account. A directory with permissions of 700 is similarly inaccessible. However, someone who guesses your password or who discovers the root password can access that file. Also, the otherwise inaccessible file is preserved on a backup tape every time that the system files are backed up to offline media. For additional protection, you can use on-disk encryption or use Cryptographic Framework commands.
For more information about ZFS file systems, see Encrypting ZFS File Systems in Managing ZFS File Systems in Oracle Solaris 11.4.
The Cryptographic Framework provides digest, mac, and encrypt commands. Regular users can use these commands to protect files and directories. For more information, see Chapter 1, About Cryptographic Providers in Oracle Solaris in Managing Encryption and Certificates in Oracle Solaris 11.4.
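The 600 and 700 modes described above can be checked across a whole private directory. The following is an added example, not part of the original Oracle documentation; the function names are hypothetical. It checks mode bits only, so it does not address access by root or copies held on backup media.

```shell
#!/bin/sh
# Added example: audit a private directory tree for entries that grant any
# access to group or other, and optionally tighten them to 600/700.
# Function names are illustrative, not Solaris commands.

# list_exposed DIR
# Print each regular file or directory under DIR whose mode has any of the
# group/other bits (077) set. The six -perm tests are POSIX find syntax.
list_exposed() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# count_exposed DIR
# Print how many entries list_exposed reports for DIR.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# lock_down DIR
# Set every directory under DIR (including DIR) to 700 and every regular
# file to 600. This also removes the owner's execute bit from files, so
# do not run it on a directory that holds scripts or binaries.
lock_down() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Typical use from an interactive shell, after sourcing this file:
#   list_exposed "$HOME/private"
#   lock_down "$HOME/private"
```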