IMHO the safest option is indeed to use a split-dm kind of approach, as
suggested before: create a loopback file in the dropbox VM, expose this
via qvm-block to your working VM where you then do all the encryption
(using standard LUKS) and can either mount the thing right there or -
for extra security - expose to yet another VM, again using qvm-block:

dropbox VM: loopback file -> /dev/loop0 -> exposed with qvm-block to
crypto VM: /dev/xvdX -> dm-crypt -> /dev/mapper/plain -> exposed to
work VM: /dev/xvdX -> mounted somewhere and used as usual...

The only caveat is how Dropbox behaves if you have a file in it that
serves as backdrop for a loopback device - any thoughts on this?

Raphael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9994a6d-2c0f-0a7f-eb8a-3a2da837f49a%40raphael-susewind.de.
For more options, visit https://groups.google.com/d/optout.

Reply via email to