Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Thu, 14 Jan 2010 18:19:56 -0600, Harry Putnam wrote:

>> I wasn't thinking that at all. You use sshfs to mount the remote directory locally, then mount that with encfs. All the remote host needs is ssh.
>
> I'm not sure what is going wrong here, if neither of us is listening to the other or what... but I've stressed that I wanted a solution for when I could not access my home machine. Does your solution involve that?

No, I missed that part. Do you mean you cannot access the machine or you cannot load your normal OS because it is broken? In the latter case, a live CD/USB distro will help.

If you mean no access to the computer at all and you're forced to use whatever is available, you have something of a problem as you can never know what will be available.

I used the method I mentioned, but I have more than one computer, so if one breaks I can use the other to get at the backups.

-- 
Neil Bothwick

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.
Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Tue, Jan 05, 2010 at 04:09:03PM -0600, Harry Putnam wrote:

> For example, if I wanted a forgotten password laying in a text file but encfs encrypted and on the remote. When for one or another reason I cannot get it from the home machine.

I hate saying something when I don't know the full circumstances, but here is how I do mine, and how I have recovered data from the backup.

I mount the plaintext with this command (actual details have been changed because I do it in a shell script which does other things):

    encfs ~/.encrypted ~/.plaintext

~/.encrypted is the encrypted dir, ~/.plaintext is what I look at when I want to see the plaintext. I have various symlinks elsewhere which point into ~/.plaintext.

When I backup this data, I only backup ~/.encrypted. In fact, since backup is done as a part of root's nightly backup, and root cannot look into ~/.plaintext, ~/.encrypted is all that can be backupped (did I just invent a new verb? :-).

Now once I lost a file which I knew existed in the backup. All I had to do was

1. As root, mount the backup, in this case as /mnt/backup.

2. As myself, mount as usual but change the names:

       encfs /mnt/backup/home/felix/.encrypted ~/tmp/plaintext

3. Copy the file as plaintext:

       cp -p ~/tmp/plaintext/path/to/file ~/.plaintext/path/to/file

Of course, if you backup as yourself, the root step is easily adjusted to yourself.

It's been so long since I set this up that I do not remember the details. There's a kernel module, maybe dm-crypt. You probably have to enable something in the kernel config. But once done, it's easy as pi and just as tasty, and I really like the fact that root cannot get access to the plaintext. For some reason, that just tinkles me pink.

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman rocket surgeon / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Wed, 06 Jan 2010 15:27:32 -0600, Harry Putnam wrote:

>> Then use rsync instead of tar, then you can mount the remote filesystem using sshfs and encfs to read individual files. It's a little slow as you are layering two FUSE filesystems, but quicker than downloading a complete tarball just to get at one file. I've used this method with an online backup service and it works.
>
> Neil seems to be thinking the remote has encfs on board... it does not. Hence my original quest for a different encryption process, (mcrypt)

I wasn't thinking that at all. You use sshfs to mount the remote directory locally, then mount that with encfs. All the remote host needs is ssh.

-- 
Neil Bothwick

At any event, the people whose seats are furthest from the aisle arrive last.
Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Tue, 05 Jan 2010 16:09:03 -0600, Harry Putnam wrote:

>> Why not just tar up the underlying encfs partition? The data is already encrypted, what's the point of decrypting it to encrypt it again? That way you don't need to rely on any encryption software on the remote computer.
>
> I wanted the option of decrypting on the remote if need be... that is if my home machine is not accessible for whatever reason.
>
> For example, if I wanted a forgotten password laying in a text file but encfs encrypted and on the remote. When for one or another reason I cannot get it from the home machine.
>
> In your scenario, I'd need access to both home machine and remote at the same time to first get the blob of encrypted data off the remote and then to decrypt it on home.

Then use rsync instead of tar, then you can mount the remote filesystem using sshfs and encfs to read individual files. It's a little slow as you are layering two FUSE filesystems, but quicker than downloading a complete tarball just to get at one file. I've used this method with an online backup service and it works.

-- 
Neil Bothwick

3 things happen as you age: 1) Your memory goes; 2) uh..um
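
The rsync plus sshfs-under-encfs layering from the message above, as an added shell example that is not part of the original thread. The function names, the `DRY_RUN` switch, and the host and paths passed in are placeholders; it assumes encfs 1.5 or later, which keeps its volume config in `.encfs6.xml` inside the encrypted directory.

```bash
#!/bin/bash
# Added example: offsite backup of an encfs ciphertext directory and
# single-file restore. The remote host only needs sshd; all decryption
# happens locally. DRY_RUN=1 prints each command instead of running it.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Push only the ciphertext. The encfs config file inside it must travel
# with the backup, otherwise the copy cannot be mounted later.
backup_encrypted() {   # usage: backup_encrypted <cipher_dir> <user@host:dir>
    local src="${1%/}" dest="$2"
    if [ ! -f "$src/.encfs6.xml" ]; then
        echo "refusing: $src/.encfs6.xml missing, backup would be unrecoverable" >&2
        return 1
    fi
    run rsync -a --delete "$src/" "$dest/"
}

# Fetch one file: sshfs exposes the remote ciphertext read-only, encfs
# decrypts it locally, then both FUSE layers are unmounted inner-first.
restore_one() {   # usage: restore_one <user@host:dir> <relative/path> <dest_file>
    local remote="$1" rel="$2" out="$3" work rc=0
    work=$(mktemp -d) || return 1      # encfs needs absolute paths
    mkdir "$work/cipher" "$work/plain"
    if run sshfs -o ro "$remote" "$work/cipher"; then
        if run encfs "$work/cipher" "$work/plain"; then
            run cp -p "$work/plain/$rel" "$out" || rc=1
            run fusermount -u "$work/plain"
        else
            rc=1
        fi
        run fusermount -u "$work/cipher"
    else
        rc=1
    fi
    rmdir "$work/cipher" "$work/plain" "$work" 2>/dev/null
    return $rc
}
```

Running with `DRY_RUN=1` first shows the exact command sequence, which is useful for confirming that only the ciphertext directory is ever sent to the remote.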
Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Sat, 02 Jan 2010 22:12:29 -0600, Harry Putnam wrote:

> I have an encfs encrypted partition on my home machine.. However I want a back up offsite. The encrypted partition would be mounted, the contents tarred/gzipped, mcrypt'ed on home machine then scp'ed to the remote for offsite storage once a week or so, overwriting each time.

Why not just tar up the underlying encfs partition? The data is already encrypted, what's the point of decrypting it to encrypt it again? That way you don't need to rely on any encryption software on the remote computer.

-- 
Neil Bothwick

Puns are bad, but poetry is verse...
Re: [gentoo-user] Re: [OT crypto] How to encrypt a directory without root?
On Sun, Jan 03, 2010 at 10:30:03AM +, Neil Bothwick wrote:

> On Sat, 02 Jan 2010 22:12:29 -0600, Harry Putnam wrote:
>
>> I have an encfs encrypted partition on my home machine.. However I want a back up offsite. The encrypted partition would be mounted, the contents tarred/gzipped, mcrypt'ed on home machine then scp'ed to the remote for offsite storage once a week or so, overwriting each time.
>
> Why not just tar up the underlying encfs partition? The data is already encrypted, what's the point of decrypting it to encrypt it again? That way you don't need to rely on any encryption software on the remote computer.

Exactly. I have recovered files from an encrypted partition, and all I have is the backup of the encrypted data. I repeat the normal mount procedure on the encrypted backup, recover my file, and umount it.

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman rocket surgeon / fe...@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o