| 1 |
Neil Bothwick <neil@××××××××××.uk> writes: |
| 2 |
|
| 3 |
> On Fri, 01 Jan 2010 12:32:07 -0600, Harry Putnam wrote: |
| 4 |
> |
| 5 |
>> I want to encrypt a directory heirarchy on a remote machine where I |
| 6 |
>> don't have root. I can use either an openbsd, or gentoo remote. |
| 7 |
> |
| 8 |
> Provided the kernel has ecrypt support and the userspace utilities are |
| 9 |
> installed, you can use ecrypt to encrypt a directory as an ordinary user. |
| 10 |
|
| 11 |
I just discovered the remote where I want to do this has mcrypt on |
| 12 |
board so thinking tar first to get around any directory problems and |
| 13 |
then mcrypt.... I haven't actually tried it yet but anyone know if |
| 14 |
that is a non-starter. |
| 15 |
|
| 16 |
What I'm actually thinking of doing: |
| 17 |
|
| 18 |
I have an encfs encrpted partition on my home machine.. However I want |
| 19 |
a back up offsite. |
| 20 |
|
| 21 |
The encrypted partition would be mounted, the contents tarred/gzipped, |
| 22 |
mcrypt'ed on home machine then scp'ed to the remote for offsite |
| 23 |
storage once a week or so, overwriting each time. |
| 24 |
|
| 25 |
The remote also has mcrypt so in a pinch I hope to be able to |
| 26 |
unencrypt there (on the remote) if need be.. (Home machine becomes |
| 27 |
unusable or cannot be accessed for one reason or another) |
| 28 |
|
| 29 |
There is some sensitive stuff in there. But not black helicopter caliber. |
| 30 |
|
| 31 |
I guess I'm asking; if the remote were hacked for some reason, would my |
| 32 |
mcripted tarball be an easy target? |
| 33 |
|
| 34 |
I'm pretty confident the encfs partition on home machine is fairly |
| 35 |
safe, even if the host is compromised... (I mean assuming this isn't |
| 36 |
CIA operatives ...) They'd have first to get my user passwd... (root |
| 37 |
cannot access the encfs files but I guess with root you could just |
| 38 |
reset the user passwd..). And then the encfs partition password |
| 39 |
(which cannot be reset without knowing the current passwd. |
Archives