I have a samba server and I would love to encrypt the shares using a rather strong encryption method on a file or filesystem level. tcp/ip isnt necessary.

Is this possible? What are the performance hits? The clients are of course windows xp boxes.

Thanks.

Not sure but one may be able to do samba over a ssh session or setup a vpn between the two machines.

Brian1

How do you want the encryption to work? have the files or directories encrypted and decrypted only when accessed. Or decrypted when the machine boots up etc..... If you want to encypted partitons or complete drives you may want too look at AES-loop encryption. Or if you just want to envrypted files or directories Gnupg maybe what you are after.

I would prefer to have all my files encrypted by default, and only decrypted when accessed if thats possible with samba.

You could use Samba to share a directory. The directory can contain a file that has an encrypted file system. The client would connect to the Samba share and then mount the container file through crypto-loop. This way the information is encrypted over the network and is decrypted at the client. I wrote instructions for the encrypted container file here:
http://www.linuxquestions.org/questi...33#post2416433
The main problem with this as it is described is that the password is also the encryption key seed. People who can access the encrypted file system have to know the encryption key seed and you cannot change the encryption key seed. I have heard about LUKS, which stands for Linux Unified Key System. This system allows up to twelve keys/passwords for users. These keys/passwords have nothing to do with the encryption key. You can add and subtract authorized users at will. I have not yet implemented this so I don't have details.