Separating key management from file system security