Filesystem-level Encryption

Filesystem-level encryption, often called file or folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

The advantages of filesystem-level encryption include:

  • flexible file-based key management, so that each file can be and usually is encrypted with a separate encryption key
  • individual management of encrypted files, e.g. incremental backups of the individual changed files even in encrypted form, rather than backup of the entire encrypted volume
  • access control can be enforced through the use of public-key cryptography, and
  • the fact that cryptographic keys are only held in memory while the file that is decrypted by them is held open.
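
The per-file keying in the list above can be modelled in a few lines of Python; this is an added example, not part of the original page. `EncryptedStore`, `seal`, `unseal` and `changed_since` are hypothetical names, a symmetric master key stands in for the public-key wrapping mentioned above, and the SHAKE-256 keystream is a standard-library stand-in for a real AEAD cipher such as AES-GCM.

```python
import hashlib, hmac, secrets

def _subkeys(key):
    # Derive separate encryption and MAC subkeys from one key.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _xor(enc_key, nonce, data):
    # Stand-in keystream (assumption: real file systems use an AEAD such as AES-GCM).
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor(enc_key, nonce, ct)

class EncryptedStore:
    """Constructed model: path -> (wrapped per-file key, file ciphertext)."""
    def __init__(self, master_key):
        self._master = master_key
        self.blobs = {}

    def write(self, path, data):
        file_key = secrets.token_bytes(32)  # fresh key for every file
        self.blobs[path] = (seal(self._master, file_key), seal(file_key, data))

    def read(self, path):
        wrapped, ct = self.blobs[path]
        file_key = unseal(self._master, wrapped)  # unwrapped only for this call
        return unseal(file_key, ct)

def changed_since(store, snapshot):
    # Incremental backup: compares ciphertext blobs only, so no key is needed.
    return sorted(p for p, b in store.blobs.items() if snapshot.get(p) != b)
```

Because `changed_since` works on the encrypted blobs alone, a backup process can copy just the changed files without ever holding the master key or any file key.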