On 9/8/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
On Thu, Sep 07, 2006 at 09:28:33PM +0200, viq wrote:
> On 9/7/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >On Thu, Sep 07, 2006 at 08:01:11PM +0200, viq wrote:
> >> I am looking for a way to securely store files. Like,
> >> say, your mail archive. Or home folder. I know, "use vnd" seems to be
> >> the main choice on OpenBSD. But, I want to be able to access those
> >> files from other systems too. Did anyone find a solution that would be
> >> practical to use? A filesystem solution would be preferable, either
> >> encrypting a 'real' filesystem, or having a 'virtual' one in a file -
> >> but as I said, I'm looking for a solution that would let me mount it
> >> in several operating systems.
> >
> >vnd(4) works well, as you note, but is indeed not very portable.
> >
> >You don't say what 'several' means,
>
> Hopefully OpenBSD, linux, I plan to play with FreeBSD, and every once
> in a while I do end up on Windows.

I am not aware of any non-commercial solutions that work on both *nix
and Windows, and that are sane to use. There might be commercial
solutions, or I might have overlooked something.

Well, I'll live if it doesn't work on windows, though it would be nice
to have. But, is there a solution that would work between various
*nixes? And just out of curiosity, what are the commercial ones, if
you know any?

> >but I believe you could mount a
> >filesystem on a vnd under Linux after you have called losetup with a
> >suitable offset (i.e., bypassed the disklabel).
>
> Ah, now that is interesting information. Could it be also possible
> the other way around? Create an encrypted file-partition in linux, and
> mount (and decrypt) it using vnd?

Of course, I `forgot' one important consideration: this only works if
the vnd is *not* encrypted. Oopsie.

Besides, I have never actually *tried* this. I simply presume that a vnd
device is basically a raw imprint of what would otherwise be on a disk.
I did use this particular trick (losetup with offset) to recover an NTFS
partition for a friend after the MBR got trashed.

All in all, though, I'd be surprised if this doesn't work. You do have
to find the proper boundary, though... and, as mentioned above, all this
trickery is pretty useless to you.

Maybe I don't have to find the boundary for skipping, looks like you
don't need to disklabel the virtual disk, you can just newfs it. At
least from the descriptions I found online so far. Now the big
question is whether there is an encryption schema that would be
compatible between OpenBSD and linux...

Though vnd + gpg might still be preferable to tar + gpg, at least once
you have figured out the offset.

Yes, that's an option... Though still need to clean up afterwards.

> >cfs might be portable - though it is not very secure.
>
> Yeah, that thought passed my mind, but I'd rather first consider other
> options as IIRC this project seems to be unmaintained.
>
> >Finally, tar and gpg offer a solution... as long as you are careful when
> >untarring.
>
> Yes, need to wipe files and free space afterwards. So, would prefer a
> filesystem level encryption. But, that's also an option.
> Also there's a similar option to gpg-zip or gpg+tar, which is 7zip
> with its encryption. Though someone would have to port it ;)

We do have archives/lzma, but I don't think that does encryption.
Anyway, I am reasonably confident that GnuPG does not have too many
stupid errors, and I would not extend the same confidence to 7zip.

Hmm, point.

                Joachim




--
viq
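
The "find the proper boundary" step for `losetup` with an offset, discussed in the thread above, as an added example that is not part of the original messages: it scans an unencrypted disk image at sector boundaries for filesystem signatures and reports candidate byte offsets. The function names and the sample image are constructed for illustration, and the FFS check assumes a little-endian (i386/amd64) FFS1 superblock.

```python
import mmap
import struct
import sys

SECTOR = 512

# (name, byte offset of the signature from the filesystem start, signature)
SIGNATURES = [
    ("ffs/ufs1", 8192 + 1372, struct.pack("<I", 0x00011954)),  # fs_magic
    ("ext2/3", 1024 + 56, struct.pack("<H", 0xEF53)),          # s_magic
    ("ntfs", 3, b"NTFS    "),                                  # boot sector OEM id
]

def find_fs_offsets(image):
    """Return [(byte_offset, fs_name)] for each sector-aligned candidate start.

    Hits are candidates only: short signatures such as ext2's two bytes can
    occur by chance in real data, so confirm each one with a read-only mount.
    """
    hits = []
    for start in range(0, len(image), SECTOR):
        for name, rel, sig in SIGNATURES:
            pos = start + rel
            if image[pos:pos + len(sig)] == sig:
                hits.append((start, name))
    return hits

def scan_file(path):
    """Scan an image file without loading it into memory."""
    with open(path, "rb") as f:
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
            return find_fs_offsets(m)

def build_sample_image():
    """Constructed sample: 63 sectors of label/padding, then an FFS magic."""
    base = SECTOR * 63
    img = bytearray(base + 16384)
    img[base + 8192 + 1372:base + 8192 + 1376] = struct.pack("<I", 0x00011954)
    return bytes(img)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = scan_file(sys.argv[1])
    else:
        hits = find_fs_offsets(build_sample_image())
    for offset, name in hits:
        # Placeholders <loopdev> and <image> are to be filled in by the reader.
        print(f"{name}: losetup -o {offset} <loopdev> <image>")
```

As noted in the thread, this only helps when the image is not encrypted, since an encrypted vnd image carries no recognisable signatures.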
