
Re: crypto file system



Greetings,...

On Wednesday, 23 February 2005 14:11, Jonathan Schmitt wrote:
> Hi list,
> I'm looking for a cryptographic file system to securely store data on a
> server, either via something like an encrypted nfs or via a local mount of
> an exported nfs share.

Do you want to encrypt files for transport only or do you want to store the 
file encrypted on your hard disk?
(If they are stored encrypted, they are transported encrypted as well, so you 
don't need to encrypt twice ;)

> I've looked into cfs and although this is in general exactly what we need,
> it has some setbacks. First of all, the source seems to be abandoned (which
> raises security concerns), second, there are some non-Debian Linux computers
> within the network and the support for them is poor.*

Every kernelland approach I know causes difficulties with non-Linux boxes.
Every userland approach causes difficulties with transparent file 
access.
However, there are some VFS drivers that allow userland programs to act as a 
file system driver (captive mode NTFS is the best known example I know), but 
I didn't use it.


> Nfs exported crypto loopback seems to be fine in general, but there is a
> difficulty with our backup (file backup, all modified files are saved every
> day for 90 days, so a 3GB crypto loop would result in some admins coming
> for my head).

Well, if you export an encrypted file system r/w on nfs, there is a good 
chance that it is either screwed up or non-writeable for most of your users.

There are many utils for encrypting files,
I use gpg for userland only accesses, and loop-aes for kernelland accesses.
(loop-aes allows userland access as well).
If you want to use an encrypted file system, you have to know exactly when 
which data has to be encrypted and in what ways it has to be accessed.
Perhaps an ssh-tunneled nfs may be enough.

Keep smiling
yanosz


