On Tue, Jan 05, 2010 at 04:09:03PM -0600, Harry Putnam wrote:
> For example, if I wanted a forgotten password laying in a text file
> but encfs encrypted and on the remote. When for one or another reason
> I cannot get it from the home machine.

I hate saying something when I don't know the full circumstances, but
here is how I do mine, and how I have recovered data from the backup.

I mount the plaintext with this command (actual details have been
changed because I do it in a shell script which does other things):

    encfs ~/.encrypted ~/.plaintext

~/.encrypted is the encrypted dir, ~/.plaintext is what I look at when
I want to see the plaintext. I have various symlinks elsewhere which
point into ~/.plaintext.

When I back up this data, I only back up ~/.encrypted. In fact, since
backup is done as a part of root's nightly backup, and root cannot
look into ~/.plaintext, ~/.encrypted is all that can be backupped (did
I just invent a new verb? :-).

Now once I lost a file which I knew existed in the backup. All I had
to do was

1. As root, mount the backup, in this case as /mnt/backup.

2. As myself, mount as usual but change the names:

       encfs /mnt/backup/home/felix/.encrypted ~/tmp/plaintext

3. Copy the file as plaintext:

       cp -p ~/tmp/plaintext/path/to/file ~/.plaintext/path/to/file

Of course, if you back up as yourself, the root step is easily adjusted
to yourself.

It's been so long since I set this up that I do not remember the
details. There's a kernel module, maybe dm-crypt. You probably have
to enable something in the kernel config. But once done, it's easy as
pi and just as tasty, and I really like the fact that root cannot get
access to the plaintext. For some reason, that just tinkles me pink.
--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & rocket surgeon / [email protected]
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o