Neil Bothwick <n...@digimed.co.uk> writes: > On Tue, 05 Jan 2010 16:09:03 -0600, Harry Putnam wrote: > >> > Why not just tar up the underlying encfs partition? The data >> > is already encrypted, what's the point of decrypting it to encrypt it >> > again? That way you don't need to rely on any encryption software on >> > the remote computer. >> >> I wanted the option of decrypting on the remote if need be... that is >> if my home machine is not accessible for whatever reason. >> >> For example, if I wanted a forgotten password laying in a text file >> but encfs encrypted and on the remote. When for one or another reason >> I cannot get it from the home machine. >> >> In your scenario, I'd need access to both home machine and remote at >> the same time to first get the blob of encrypted data off the remote >> and then to decrypt it on home. > > Then use rsync instead of tar, then you can mount the remote filesystem > using sshfs and encfs to read individual files. It's a little slow as you > are layering two FUSE filesystems, but quicker than downloading a > complete tarball just to get at one file. I've used this method with an > online backup service and it works.
Neil seems to be thinking the remote has encfs on board... it does not. Hence my original quest for a different encryption process, (mcrypt) And both Felix' and Neils solutions seem to require access to the home computer or root on the remote. Or a least access to a machine with encfs on board. Also, understand that the encrypted data is quite small... Not talking a huge tarball at all. du -sh ~/myencrypteddata 7.4M myencrypteddata That is uncompressed So is it still a bad idea to unencrypt from encfs, recrypt in mcrypt and ssh or rsync the result to the remote? With something this size all of that should happen in a few seconds right? And this way, I'd be able to decrypt the thing on the remote; find what I need and delete the unencrypted data leaving only the encrypted. It does sound like a lot of huffing and puffing so am interested to hear other ways. I haven't tried it yet at all. I guess another part of my question is will an mcrypted file setting on an internet host (that can be hacked and has been at least once since I've been involved (5yrs)), be of interest and easy enough to crack (not the host but the file itself) that it would be likely a hacker would try? Once again this is not super secretive stuff, like murder or such... and even banking info could only lead to a matter of mid 4 digit amounts at most. Nasty but not life threatening or bankruptcy material and its unlikely at best that all accounts would be drained before I caught a sniff of it. But still, once my trove of passwords and certain banking info was lost, it would be a real pita to clean up. ------- --------- ---=--- --------- -------- | A side note to forestall answers involving the owner of the host | machine being asked to do whatever: | | That fellow is quite security conscious and far as I know has had | only the one hack on some 8-9 or so online machines over at least | 10 yrs. (Not a bad record... since he was at one time a target | to unprincipled hackers in linux community, who also had accounts | on his hosts... so the attack was from inside so to speak) | | So there won't be much I can suggest that he either doesn't now | about or hasn't already tried.
