> > Hi,
> >
> > I just installed Qubes OS and I feel its freakin awesome!
> >
> > I am trying to set it up the way I want and one thing on my list is having 
> > a dropbox vm that provides simply just the cloud storage... I would like to 
> > run the actual encryption on a different qube because I dont at all trust 
> > dropbox.
> >
> > How would I setup a qube that runs dropbox and exposes its filesystem 
> > securely to another qube that runs encfs which in turn can then be used to 
> > safely store & view cloud files via qubes OS standard file sharing 
> > capabilities?!
> >
> > My idea was to run NFS on dropbox qube and connect to NFS with the encfs 
> > qube, but that's in several unfortunate.
> >
> > 1) I don't trust NFS
> > 2) NFS is unreliable in combination with EncFS
> >
> >
> > I want to get rid of the network connection...
> >
> > How would you solve this?
> >
> > Thanks a bunch!
> >
> The operative word here is 'expose'... There is probably no secure way 
> to share something as complex as a filesystem, which is why Qubes has no 
> built-in file sharing capabilities.
> You could use qvm-copy-to-vm or the equivalent in the context menu of 
> the file browser... but that copies whole files between vms.
> You could also create one disk image per vm on dropbox, and somehow set 
> them up as loopback devices in the dropbox vm. This allows you to 
> 'share' data to client vms as disk blocks using qvm-block, which is far 
> less risky than sharing filesystems. You would also have to encrypt the 
> disk images in each client vm to make this truly secure.
> Chris

What do you think about this:

Encfs-Qube contains plaintext & encrypted files and has a cron job that runs 
like every hour. This job will SSH into dropbox-qube and run Rsync to project 
all the changes onto the dropbox-qube (but ignores all the changes inside 
dropbox, which would also be nice in case dropbox deletes everything or 
modifies encrypted files etc.)

Dropbox-Qube just contains the public SSH key and see only encrypted files...

Is SSH + Rsync reasonably safe? Or do I have to assume an attacker could easily 
break into the encfs domain once he compromises dropbox? Remember that Rsync 
will not promote any changes in the dropbox domain back to the encfs domain... 
It will discard all the changes inside dropbox instead.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to