On Wed, 29 Feb 2012 15:56:52 +0100
Prefer Anon <my.m...@gmail.com> wrote:

| Hi Anthony,
|
| I may have been a bit unclear in what I was stating. I have three
| machines: a desktop, a laptop and a server. On the server I only wanted
| data stored in encrypted form (in case it's compromised) whereas the
| desktop/laptop I'm using unencrypted for now (though might eventually
| encrypt). The desktop and laptop can mount the server using sshfs so when
| I say things like /server/laptop_enc I mean the sshfs mounted directory
| laptop_enc that really sits on the server.
|
Ok, what I initially thought.

So to sync

  mount the encrypted data using sshfs (or nfs)
  create an encfs unencrypted mount
  unison locally between that and your local copy.
  terminate encfs
  terminate sshfs

OR

  encfs -reverse an encrypted version of the local data
  unison between that and the server
  terminate encfs

OR

  unison between server and a local encrypted data copy
  and encfs to create working unencrypted form when needed.

All three will work.

Other schemes involve a double sync
  server <-> local encrypted <-> local unencrypted
and probably best avoided.

Only the first uses unison on unencrypted data for conflict resolution,
that is when you change data differently on different machines without
syncing before the change.

If unison is only working on encrypted data, you can replace unison with
other 'cloud' solutions (the server is somewhere in the cloud), that syncs
encrypted data, and may keep it synced anytime you are online. For example
dropbox.

| 1 - Syncing encrypted blocks can be very confusing as I guess encfs has a
| complicated internal representation of the files.
|
That may only be a problem with sshfs which may not do 'block' level
access. EG only whole files are sync'ed, not partial files. But encfs
meta-data handling should keep that at a minimum.

| 2 - How do I get the encfs keys between the desktop and the laptop without
| going through the server (which would invalidate the whole point of only
| keeping an encrypted copy there).
|
You will need to copy them at some point. By default encfs (in reverse
mode) copies the ".encfs6-config" file between filesystems. I do not
believe it does in normal forward mode.

I myself prefer to keep ".encfs6-config" completely separate as an added
security mechanism. And even add an extra password layer to allow user
passwords to be changed without needing the encrypted data to be changed.

Different users on different machines can have their own separate password
to the same data. Makes it easier for individuals.

| I am not sure about the final arrangement that makes sense here but in any
| setup the last question above will be an issue. How can I get the
| encryption keys easily between machines?

USB, Mail, SCP? The file can be encrypted (is for me) and it really only
has to be done ONCE.

| Are the keys generated once for
| each directory or are new keys generated for each file? I guess the same
| problem plagues people using encfs over dropbox with multiple machines.
| What do you need to get multiple machines to be able to decrypt the same
| encfs directory?
|
The key and config is only once for each encrypted mount, and only needed
when setting up the mount. It does not need to be available after the
setup of encfs is complete. This is why I can store them in a file
encrypted by the user's key.

  Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au>
 --------------------------------------------------------------------------
   Zatherus warn Zartheris!
   But, arh, Zatheris never listens to Zatherus! -- Babylon 5
 --------------------------------------------------------------------------
   Anthony's Castle http://www.ict.griffith.edu.au/anthony/
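
The first scheme from the reply above (sshfs, then encfs, then unison, then teardown in reverse order), written out as an added example that is not part of the original mail. The server name, all paths and the `DRY_RUN` wrapper are hypothetical; `ENCFS6_CONFIG` is the environment variable encfs reads to find a config file stored outside the encrypted directory, which is what keeps the key material off the server.

```shell
#!/bin/sh
# Added example: scheme 1 (sshfs -> encfs -> unison -> teardown).
# Host, paths and the DRY_RUN wrapper are hypothetical placeholders.
SERVER="${SERVER:-user@server.example}"
REMOTE_DIR="${REMOTE_DIR:-laptop_enc}"             # ciphertext directory on the server
CIPHER_MNT="${CIPHER_MNT:-$HOME/mnt/server_enc}"   # sshfs mount: ciphertext only
PLAIN_MNT="${PLAIN_MNT:-$HOME/mnt/server_plain}"   # encfs mount: decrypted view
LOCAL_DIR="${LOCAL_DIR:-$HOME/data}"               # local unencrypted working copy
# Config file kept on this machine only, never inside the server directory.
ENCFS6_CONFIG="${ENCFS6_CONFIG:-$HOME/.keys/laptop_enc.encfs6}"
export ENCFS6_CONFIG
DRY_RUN="${DRY_RUN:-1}"                            # 1 = print commands, 0 = execute

run() {  # print the command; execute it only when DRY_RUN is not 1
    printf '%s\n' "+ $*"
    [ "$DRY_RUN" = 1 ] || "$@"
}

teardown() {  # remove the plaintext view first, then the sshfs mount
    run fusermount -u "$PLAIN_MNT"
    run fusermount -u "$CIPHER_MNT"
}

sync_scheme1() {
    # Refuse to run if the config would be read from the server-side mount:
    # that would put the (password-wrapped) volume key on the server.
    case "$ENCFS6_CONFIG" in
        "$CIPHER_MNT"/*)
            echo "config must not live on the server" >&2
            return 2 ;;
    esac
    run mkdir -p "$CIPHER_MNT" "$PLAIN_MNT"
    run sshfs "$SERVER:$REMOTE_DIR" "$CIPHER_MNT" || return 1
    if ! run encfs "$CIPHER_MNT" "$PLAIN_MNT"; then
        run fusermount -u "$CIPHER_MNT"
        return 1
    fi
    # unison sees plaintext on both sides, so it can resolve conflicts.
    rc=0
    run unison "$LOCAL_DIR" "$PLAIN_MNT" || rc=$?
    teardown
    return "$rc"
}
```

Source the file and call `sync_scheme1`; with the default `DRY_RUN=1` it only prints the command sequence, and `DRY_RUN=0` executes it.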