FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo User

 
 
LinkBack Thread Tools
 
Old 01-01-2010, 05:32 PM
Harry Putnam
 
Default How to encrypt a directory without root?

I want to encrypt a directory heirarchy on a remote machine where I
don't have root. I can use either an openbsd, or gentoo remote.
 
Old 01-01-2010, 08:15 PM
Neil Bothwick
 
Default How to encrypt a directory without root?

On Fri, 01 Jan 2010 12:32:07 -0600, Harry Putnam wrote:

> I want to encrypt a directory heirarchy on a remote machine where I
> don't have root. I can use either an openbsd, or gentoo remote.

Provided the kernel has ecrypt support and the userspace utilities are
installed, you can use ecrypt to encrypt a directory as an ordinary user.


--
Neil Bothwick

Gigabyte: (n.) more than you can comprehend and less than you'll need.
 
Old 01-01-2010, 08:49 PM
"Dirk Heinrichs"
 
Default How to encrypt a directory without root?

Am Freitag 01 Januar 2010 19:32:07 schrieb Harry Putnam:

> I want to encrypt a directory heirarchy on a remote machine where I
> don't have root. I can use either an openbsd, or gentoo remote.

Not having root access usually means no chance to mount something. That in
turn means that you can only encrypt on a per file basis. The best tool for
this would be GNU Privacy Guard (GPG).

HTH...

Dirk
 
Old 01-01-2010, 08:57 PM
"Ming-Che Lee"
 
Default How to encrypt a directory without root?

Hi,

On Friday 01 January 2010 19:32:07 Harry Putnam wrote:
> I want to encrypt a directory heirarchy on a remote machine where
> I don't have root. I can use either an openbsd, or gentoo
> remote.
>

Maybe of some help:

http://www.linuxjournal.com/article/9880

Regards,

Ming-Che
 
Old 01-01-2010, 09:19 PM
Johannes Kimmel
 
Default How to encrypt a directory without root?

Harry Putnam wrote:

I want to encrypt a directory heirarchy on a remote machine where I
don't have root. I can use either an openbsd, or gentoo remote.





Encfs could also be interesting for you.

Johannes
 
Old 01-01-2010, 11:29 PM
 
Default How to encrypt a directory without root?

On Fri, Jan 01, 2010 at 10:57:20PM +0100, Ming-Che Lee wrote:

> Maybe of some help:
>
> http://www.linuxjournal.com/article/9880

Looks good to me -- I use some FUSE encryption setup which looks
similar, but it's been years since I set it up. It wasn't hard. It
has one decided quirk which I consider a feature -- root can read the
encrypted volume for backup but *cannot* access the plaintext volume.
Another quirk is that filenames are padded to multiples of some
configurable length before encryption; these are visible to root. I
suppose root could even manipulate them, but I have never tried it.

I mount and umount it without root, but I think it required initial
root access to load a kernel module. Now that happens automatically.
This may be a problem if you have no root access at all.

If you need more details, I suppose I can figure out what I did, but
that Linux Journal article looks pretty thorough.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
 
Old 01-03-2010, 03:12 AM
Harry Putnam
 
Default How to encrypt a directory without root?

Neil Bothwick <neil@digimed.co.uk> writes:

> On Fri, 01 Jan 2010 12:32:07 -0600, Harry Putnam wrote:
>
>> I want to encrypt a directory heirarchy on a remote machine where I
>> don't have root. I can use either an openbsd, or gentoo remote.
>
> Provided the kernel has ecrypt support and the userspace utilities are
> installed, you can use ecrypt to encrypt a directory as an ordinary user.

I just discovered the remote where I want to do this has mcrypt on
board so thinking tar first to get around any directory problems and
then mcrypt.... I haven't actually tried it yet but anyone know if
that is a non-starter.

What I'm actually thinking of doing:

I have an encfs encrpted partition on my home machine.. However I want
a back up offsite.

The encrypted partition would be mounted, the contents tarred/gzipped,
mcrypt'ed on home machine then scp'ed to the remote for offsite
storage once a week or so, overwriting each time.

The remote also has mcrypt so in a pinch I hope to be able to
unencrypt there (on the remote) if need be.. (Home machine becomes
unusable or cannot be accessed for one reason or another)

There is some sensitive stuff in there. But not black helicopter caliber.

I guess I'm asking; if the remote were hacked for some reason, would my
mcripted tarball be an easy target?

I'm pretty confident the encfs partition on home machine is fairly
safe, even if the host is compromised... (I mean assuming this isn't
CIA operatives ...) They'd have first to get my user passwd... (root
cannot access the encfs files but I guess with root you could just
reset the user passwd..). And then the encfs partition password
(which cannot be reset without knowing the current passwd.
 
Old 01-03-2010, 09:30 AM
Neil Bothwick
 
Default How to encrypt a directory without root?

On Sat, 02 Jan 2010 22:12:29 -0600, Harry Putnam wrote:

> I have an encfs encrpted partition on my home machine.. However I want
> a back up offsite.
>
> The encrypted partition would be mounted, the contents tarred/gzipped,
> mcrypt'ed on home machine then scp'ed to the remote for offsite
> storage once a week or so, overwriting each time.

Why not just tar up the underlying encfs partition? The data is already
encrypted, what's the point of decrypting it to encrypt it again? That
way you don't need to rely on any encryption software on the remote
computer.


--
Neil Bothwick

Puns are bad, but poetry is verse...
 
Old 01-03-2010, 01:39 PM
 
Default How to encrypt a directory without root?

On Sun, Jan 03, 2010 at 10:30:03AM +0000, Neil Bothwick wrote:
> On Sat, 02 Jan 2010 22:12:29 -0600, Harry Putnam wrote:
>
> > I have an encfs encrpted partition on my home machine.. However I want
> > a back up offsite.
> >
> > The encrypted partition would be mounted, the contents tarred/gzipped,
> > mcrypt'ed on home machine then scp'ed to the remote for offsite
> > storage once a week or so, overwriting each time.
>
> Why not just tar up the underlying encfs partition? The data is already
> encrypted, what's the point of decrypting it to encrypt it again? That
> way you don't need to rely on any encryption software on the remote
> computer.

Exactly. I have recovered files from an encrypted partition, and all
I have is the backup of the encrypted data. I repeat the normal mount
procedure on the encrypted backup, recover my file, and umount it.

--
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
 
Old 01-05-2010, 09:09 PM
Harry Putnam
 
Default How to encrypt a directory without root?

Neil Bothwick <neil@digimed.co.uk> writes:

> On Sat, 02 Jan 2010 22:12:29 -0600, Harry Putnam wrote:
>
>> I have an encfs encrpted partition on my home machine.. However I want
>> a back up offsite.
>>
>> The encrypted partition would be mounted, the contents tarred/gzipped,
>> mcrypt'ed on home machine then scp'ed to the remote for offsite
>> storage once a week or so, overwriting each time.
>
> Why not just tar up the underlying encfs partition? The data is already
> encrypted, what's the point of decrypting it to encrypt it again? That
> way you don't need to rely on any encryption software on the remote
> computer.

I wanted the option of decrypting on the remote if need be... that is
if my home machine is not accessible for whatever reason.

For example, if I wanted a forgotten password laying in a text file
but encfs encrypted and on the remote. When for one or another reason
I cannot get it from the home machine.

In your scenario, I'd need access to both home machine and remote at
the same time to first get the blob of encrypted data off the remote
and then to decrypt it on home.

Or am I missing some easy solution?

I've been having a troublesome freeze up on the home machine and not
making much progress in debugging it.

Of course the remedy is to fix whatever is causing it but for now,
when it happens the machine cannot be accessed from keyboard, or by
ssh. It requires a full (hard) reboot to get it going again.

If I happen to be away from home when that happened, I'd want access
to a backup on the remote... but it would need to be decrypted to
be of any use.
 

Thread Tools




All times are GMT. The time now is 01:12 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org