Is it a good idea to use only a key to encrypt an entire (small) filesystem?

Posted by Fernando Miguélez on Stack Overflow
Published on 2010-06-10T08:04:30Z Indexed on 2010/06/10 8:42 UTC

This question comes as part of my doubts presented on a broader question about ideas for implementing a small encrypted filesystem on Java mobile phones (J2ME, BlackBerry, Android). Given the little feedback received, considering the density of the question, I decided to divide those doubts into small questions.

So to sum up, I plan to "create" an encrypted filesystem for mobile phones (with the help of BouncyCastle or a subset of JCE), providing an API that allows access to them in a transparent way. Encryption would be carried out on a file basis (not blocks).

My question is this:

Is it a good idea to use only a symmetric key (maybe AES-256) to encrypt all the files (they wouldn't be that many, maybe tens of them) and store this key in a keystore (protected by a PIN), or would you rather encrypt each file with an on-the-fly generated key stored alongside each file, encrypting that key with the "master" key stored in the keystore?

What are the benefits/drawbacks of each approach?

© Stack Overflow or respective owner
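The second layout described in the question (a per-file key stored alongside the file, wrapped under the master key) is sketched below as an added example; it is not code from the original post. It assumes the standard JCE `AES/GCM/NoPadding` and `AESWrap` transformations are available, uses illustrative class and method names, and generates the master key in memory as a stand-in for the PIN-protected keystore entry.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PerFileKeyDemo {                      // hypothetical name, not from the post
    static final SecureRandom RNG = new SecureRandom();

    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }
    // AES-GCM with a fresh 12-byte nonce; output is nonce || ciphertext || tag.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = new byte[12];
        RNG.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, nonce.length + ct.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }
    static byte[] open(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);   // throws if the tag does not verify
    }
    // RFC 3394 AES key wrap of the per-file key under the master key.
    static byte[] wrap(SecretKey master, SecretKey fileKey) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, master);
        return c.wrap(fileKey);
    }
    static SecretKey unwrap(SecretKey master, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, master);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }
    public static void main(String[] args) throws Exception {
        SecretKey master = newAesKey();             // stand-in for the keystore key
        SecretKey fileKey = newAesKey();            // generated on the fly, one per file
        byte[] body = seal(fileKey, "constructed sample file".getBytes(StandardCharsets.UTF_8));
        byte[] header = wrap(master, fileKey);      // 40 bytes, stored alongside the file
        SecretKey newMaster = newAesKey();          // master key replaced
        header = wrap(newMaster, unwrap(master, header)); // only the header is rewritten
        System.out.println(new String(open(unwrap(newMaster, header), body), StandardCharsets.UTF_8));
    }
}
```

With a single key for all files, the same replacement of the master key would require decrypting and re-encrypting every file body instead of rewriting one 40-byte header per file.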
