Is it a good idea to use only a key to encrypt an entire (small) filesystem?
Posted
by Fernando Miguélez
on Stack Overflow
See other posts from Stack Overflow
or by Fernando Miguélez
Published on 2010-06-10T08:04:30Z
Indexed on
2010/06/10
8:42 UTC
Read the original article
Hit count: 230
This question comes as part of my doubts presented on a broader question about ideas implementing a small encrypted filesystem on Java Mobile phones (J2ME, BlackBerry, Android). Provided the litte feedback received, considering the density of the question, I decided to divide those doubts into small questions.
So to sum up I plan to "create" an encrypted filesystem for for mobile phones (with the help of BoucyCastle or a subset of JCE), providing an API that let access to them in a transparent way. Encryption would be carried out on a file basis (not blocks).
My question is this:
Is it a good idea to use only a simmetric key (maybe AES-256) to encrypt all the files (they wouldn't be that many, maybe tens of them) and store this key in a keystore (protected by a pin) or would you rather encrypt each file with an on-the-fly generated key stored alongside each file, encrypting that key with the "master" key stored on the keystore?
What are the benefits/drawbacks of each approach?
© Stack Overflow or respective owner