Shared encrypted filesystem
Bill Davidsen
davidsen at tmr.com
Wed Feb 23 22:04:16 UTC 2011
Adrian Sevcenco wrote:
> On 02/22/2011 11:37 PM, Bill Davidsen wrote:
>> Any thoughts on remote mounting a filesystem securely? Clearly I could just
>> export it and count on the encryption in the WiFi and the VPN to protect the
>> data, but that leaves it mounted in clear on the server. I looked at putting the
>> data in a file mounted with cryptoloop on the client, which works, or creating a
>> loop device and then having that be a LUKS device. I haven't tried that last
>> one, but my notes say I did create a local loop/LUKS device for a demo, so I
>> suppose it could happen.
>>
>> Is there some simple and common additional method I've missed?
> tunneling over ssh or some other encrypted tunnel (with openssl) the NFS
> or CIFS communication...
>
> the encrypted part is useful only for offline (lack of key) denial of
> data reading .. or you could export an encrypted block device thru iscsi
> (or nbd) and mount and decrypt on initiator..
>
You have the right idea, I want to decrypt on the client, rather than mount on
the server, thus the data on the server is just a file full of encrypted data,
and not available as clear text there. I was thinking of nbd, certainly a
possibility.
--
Bill Davidsen <davidsen at tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
More information about the users
mailing list