It would be nice if FP would allow to not only encrypt the internal storage but also the sd-card. As far as I know, some Android vendors have added this capability to their phones.
I guess most people only use the sd-card to extend the storage but never remove it to write directly to it. So the ability to use the sd-card outside of the FP is not that important. But it would be nice if the encryption used standard linux mechanisms, so that accessing it from a normal linux distribution would work if necessary.
Very cool idea!
Can you bring some examples? Which smartphones support that and do you know custom/third party roms like Cyanogen implementing this?
It seems Samsung and Motorola have implemented this for at least some devices. I have a nearly 2 year old magazine article that lists motorola razr, razr i, samsung s2, s3, note, note 10.1, note 2, tab 10.1 as supporting sd card encryption. Searching the web shows that at least with samsung, it sometimes depends on the firmware version.
It seems Samsung and Motorola use a per-file encryption for the external sd-card. This may have the advantage that one may encrypt only new content or do incremental encryption. But the file names and directory structure remains unencrypted. The scheme also has the problem that the encryption keys are only on the device, and if the device is broken/lost, there is no way to recover the files.
I think simply encrypting the whole device seems more secure and at least I could live with having to encrypt the whole sd-card at once. But it should be possible to import/export the used encryption key, so that the sd-card can be used in a replacement device.
All my Samsung phones S3, S4 and S5 had this feature.
When encrypting the phone you also get an option to encrypt the external SD-Card!
REM: the card cannot be decrypted from another device, since the hash from the password is stored on the internal storage of the phone… so if your phone breaks you may loose everything on your SD-Card