I'm confused, the encrypted volume cannot be backed up without a key?

On Wed, Oct 29, 2008 at 8:45 PM, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Wed, Oct 29, 2008 at 02:56:53PM -0700, Ted Unangst wrote:
> >
> > >I think I want root to be able to mount/access the directories so that
> > >the data can be included in a backup set (which is then piped through
> > >openssl for encryption) on a file-by-file basis rather than just
> > >backing up a filesystem image and risking the whole thing if that image
> > >becomes corrupted.
> >
> > Most of your requests are pretty common and come up frequently enough
> > you should be able to find the answers, but this part makes me
> > wonder. So how does root have the key? Do you type it in every time
> > you do a backup or is there a file called "dontreadthis" in /root?
>
> Let's say the key is in a file. Let's encrypt that file with openssl and
> keep it in /root. Whoever runs the backup program is asked for the
> passphrase to unlock the file. The backup program then uses that file
> to mount the directories to back them up.
>
> > You could maybe do some tricks with cfs but it's a guaranteed shot in
> > the foot.
> >
> > >Ideas? What do others do to secure /home?
> >
> > I don't let people steal my computers.
>
> Of course there's the risk/benefit/cost analysis. Gun cabinets or safes
> bolted to the floor work but are expensive. I could get the same kind
> of deterrence if I installed a big rack-mount 12U server full of a dozen
> hard drives (think too heavy for one person to steal, assuming that they
> recognized it as a computer in the first place). Software encryption is
> free.
>
> Doug.

--
Some software money can't buy. For everything else there's Micros~1.