Hi Anthony,

I may have been a bit unclear in what I was stating.  I have three
machines: a desktop, a laptop and a server.  On the server I only wanted
data stored in encrypted form (in case it's compromised) whereas the
desktop/laptop I'm using unencrypted for now (though might eventually
encrypt).   The desktop and laptop can mount the server using sshfs so when
I say things like /server/laptop_enc I mean the sshfs mounted directory
laptop_enc that really sits on the server.

It seems, as I said in my last post, that to get the benefits of unison I
need to run unison between the encrypted copy on the desktop/laptop and the
copy on the server.  Note I will run unison on both the laptop and the
desktop but never from the server so I don't have the problem you mentioned
about the unison cache (the unison syncing is always "one-way" to a
middleman -- namely the server).

The problems with this that I foresee are:

1 - Syncing encrypted blocks can be very confusing as I guess encfs has a
complicated internal representation of the files.

2 - How do I get the encfs keys between the desktop and the laptop without
going through the server (which would invalidate the whole point of only
keeping an encrypted copy there)?

I am not sure about the final arrangement that makes sense here but in any
setup the last question above will be an issue.  How can I get the
encryption keys easily between machines?  Are the keys generated once for
each directory or are new keys generated for each file?  I guess the same
problem plagues people using encfs over dropbox with multiple machines.
What do you need to get multiple machines to be able to decrypt the same
encfs directory?

thanks



On Tue, Feb 28, 2012 at 1:52 AM, Anthony Thyssen
<a.thys...@griffith.edu.au> wrote:

> On Mon, 27 Feb 2012 11:13:13 +0100
> Prefer Anon <my.m...@gmail.com> wrote:
> | Hi Anthony,
> |
> | Thanks a lot for the help.  This looks very promising.  So if I understand
> | correctly I could do the following:
> |
> | on laptop (schematically):
> |
> | encfs  --reverse  ~/Documents  ~/enc_tmp
> | unison ~/enc_tmp  /server/laptop_enc
> |
> | Which would make an encrypted copy of my homedir and sync it to the server.
> | Then on my desktop I could run:
> |
> | on desktop:
> |
> | encfs  /server/laptop_enc  ~/laptop_tmp
> | unison ~/laptop_tmp  ~/Documents
> |
> | The first line would mount the laptop's data in laptop_tmp and the second
> | line would sync that with the desktop data.
> |
>
> I would have assumed 'server' was actually a remote machine (for unison).
> encfs only works between local file systems.  Though they can be ANY
> filesystem that could have been mounted/copied from a remote server
> (dropbox, sshfs, nfs, unison, etc).
>
> So that last should probably look exactly like the first!
>
> Unless it being a laptop you want to keep the Documents saved in encrypted
> form.
>
> In that case  ~/enc_tmp  becomes the real files and you remove the reverse.
> The unison part however remains the same.
>
> On a machine storing files unencrypted (order is important)
>
>  encfs  --reverse  ~/Documents  ~/enc_tmp
>  unison ~/enc_tmp  /server/remote_store
>
> On machines storing files encrypted (order not important)
>
>  encfs  ~/enc_tmp  ~/Documents
>  unison ~/enc_tmp  /server/remote_store
>
> The latter can do the two commands in any order.
> That is you can 'sync' at any time, and unencrypt the docs only when you
> make changes.   In that case a remote server could be the laptop
> itself.
>
> For example I have encrypted files syncing between my workstation
> and my laptop.
>
> Workstation
>
>   encfs ~/encrypted  ~/documents
>
> Laptop
>
>   encfs ~/encrypted  ~/documents
>   unison ~/encrypted  /workstation/encrypted
>
> NOTE in this case the unison command MUST only run on one machine
> (laptop in my case).  I have not found how I can launch it from
> either machine to sync the same two directories and have it use
> the right unison cache information.
>
> This is probably simplest!
>
>
>  Anthony Thyssen ( System Programmer )    <a.thys...@griffith.edu.au>
>  --------------------------------------------------------------------------
>   Three Schools of Magic...
>    1/ State a tautology, then ring changes on its corollaries.  -- Philosophy
>    2/ Record many facts. Try to see a pattern.
>           Then make wrong guess at the next fact.               -- Science
>    3/ Awareness that you live in a malevolent universe controlled
>       by Murphy's Law, sometimes offset by Brewster's Factor.   -- Engineering
>  --------------------------------------------------------------------------
>   Anthony's Castle     http://www.ict.griffith.edu.au/anthony/
>
_______________________________________________
Encfs-users mailing list
Encfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/encfs-users