I received this via gnumed-devel-owner to which Syan had sent this,
maybe not intentionally, so here it is on the list (Syan, I merged
your initial post and self-reply into one message)... Jim
for those who have to carrying around a gnumed database on a laptop,
you can use cryptmount ( a debian package)
and read the man pages on howto setup a cryptmount directory.
the idea is to map a block of disc space onto a device
e.g. in a directory /dev/devmapper/ ,
if the block device is named "opaque" then the mapping
would be /dev/devmapper/opaque.
Then setup opaque by first mounting it with cryptmount
and customize the cryptmount configuration file
in /etc/cryptmount/cm.conf ; an example mapping is given.
basically, this associates the device with a key ;
the key encrypts a secret key, which decrypts the
the mounted device.
the idea is to generate the key,
mount the raw device using the option --prepare,
make a new filesystem on the mounted device,
then unmount the device.
there after using , cryptmount opaque ( which
is the name referring to the block which will
be mounted on /dev/devmapper/opaque) , will prompt
for a password, and if successful, mount
the drive.
then create a postgres cluster using initdb
using the directory that the crypt device is mounted on.
this of course , can still be a problem if you
use hibernate or s2disk on your laptop,
so it's a good idea to use the uswpswp package which
provides s2disk , with a encrypted suspend image;
of course, everything is as weak as the password(s)
used.
even though they can be configure to use AES encryption;
at least cryptmount gives you the option easily of
changing the password ;
but I think s2disk you have to change the
key manually, if you want to change the password.
_______________________________________________
Gnumed-devel mailing list
Gnumed-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/gnumed-devel
