Encrypting user data on per-app basis?

[Bastien Nocera]

Hey,

Would it be a good idea to encrypt each application's private store of
files and data in the user's home directory, when storing it on-disk?

ext4 and some other filesystems allow per-directory encryption and
~/.var/app/<app-id>/ could be marked to be encrypted pretty easily when
the directory is first created.

This would avoid applications being able to access each other's data,
but I'm not certain whether decryption can be made so that the files
are only accessible within the namespace. I'm also not sure where we'd
store the keys in a way that didn't make it accessible to most apps.

Any ideas?

Cheers