Anyone got any experience/suggestions for a way to store a directory of
sensitive information on a CentOS box? This directory contains many scripts
and output files, I need it backed up but not unencrypted and don't want
to store it in a tar file type archive as when it needs to be accessed and
have scripts executed/data generated, it needs to be untarred/unencrypted and
I don't know the ramifications of this wrt recovery once it's retarred and deleted.
I was hoping it could be stored somehow such that it was decrypted on the fly when
needed by entering a pass/keyphrase before use.

Thus it could be backed up and remain encrypted. Is dm-crypt the simplest option
here?

None of our servers have a gui.

Thanks!
jlc

I use encfs, http://www.arg0.net/encfs, and it's working fine.

Daniel.

* Joseph L. Casale <JCasale at activenetwerx.com> [08/10/2009 13:26]:
> Anyone got any experience/suggestions for a way to store a directory of
> sensitive information on a CentOS box? This directory contains many scripts
> and output files, I need it backed up but not unencrypted and don't want
> to store it in a tar file type archive as when it needs to be accessed and
> have scripts executed/data generated, it needs to be untarred/unencrypted and
> I don't know the ramifications of this wrt recovery once it's retarred and deleted.
> I was hoping it could be stored somehow such that it was decrypted on the fly when
> needed by entering a pass/keyphrase before use.
>
> Thus it could be backed up and remain encrypted. Is dm-crypt the simplest option
> here?
>
> None of our servers have a gui.
>
> Thanks!
> jlc

On Mon, Aug 10, 2009 at 05:23:48PM +0000, Joseph L. Casale wrote:
> Anyone got any experience/suggestions for a way to store a directory of
> sensitive information on a CentOS box? This directory contains many scripts
> and output files, I need it backed up but not unencrypted and don't want
> to store it in a tar file type archive as when it needs to be accessed and
> have scripts executed/data generated, it needs to be untarred/unencrypted and
> I don't know the ramifications of this wrt recovery once it's retarred and deleted.
> I was hoping it could be stored somehow such that it was decrypted on the fly when
> needed by entering a pass/keyphrase before use.
>
> Thus it could be backed up and remain encrypted. Is dm-crypt the simplest option
> here?

If you want to backup the directory while it is still encrypted (not
mounted), look for encfs.

But I prefer luks myself (uses dm-crypt).

--
lfr
0/0

>If you want to backup the directory while it is still encrypted (not
>mounted), look for encfs.
>
>But I prefer luks myself (uses dm-crypt).

I see, looking at all of these, it looks like luks uses built-in modules and
tools whereas the others need fuse or something like it. The luks option looks
most integrated and there is a nice page in the wiki on it :)

The data size is only a few megs, so I can create the file backed block device
and let that get backed up, I will only mount it when I need it, then unmount it.

Thanks everyone!
jlc

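The workflow jlc describes above (a small file-backed LUKS container that is mapped and mounted only while in use, with the closed image file being what the backup picks up), as an added example that is not part of the original thread. The VAULT_* variable names, default paths and the DRY_RUN switch are assumptions for illustration, and it assumes a cryptsetup recent enough to attach the loop device for a regular file itself.

```bash
#!/bin/bash
# Added example: file-backed LUKS container that is open only while in use.
# VAULT_* names and default paths are hypothetical; run the real thing as root.
VAULT_IMG=${VAULT_IMG:-/srv/vault.img}
VAULT_NAME=${VAULT_NAME:-vault}
VAULT_MNT=${VAULT_MNT:-/mnt/vault}
VAULT_SIZE_MB=${VAULT_SIZE_MB:-64}

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

vault_is_open() { [ -e "/dev/mapper/$VAULT_NAME" ]; }

# One-time setup: allocate the image, LUKS-format it (prompts for the
# passphrase), create a filesystem inside the mapping, then close it again.
vault_create() {
    if [ -e "$VAULT_IMG" ]; then
        echo "refusing to overwrite $VAULT_IMG" >&2; return 1
    fi
    ( umask 077; run dd if=/dev/zero of="$VAULT_IMG" bs=1M count="$VAULT_SIZE_MB" ) &&
    run cryptsetup luksFormat "$VAULT_IMG" &&
    run cryptsetup luksOpen "$VAULT_IMG" "$VAULT_NAME" &&
    run mkfs.ext4 "/dev/mapper/$VAULT_NAME" &&
    run cryptsetup luksClose "$VAULT_NAME"
}

# Map the image (passphrase prompt) and mount the cleartext view.
vault_open() {
    run cryptsetup luksOpen "$VAULT_IMG" "$VAULT_NAME" &&
    run mkdir -p "$VAULT_MNT" &&
    run mount "/dev/mapper/$VAULT_NAME" "$VAULT_MNT"
}

# Unmount and drop the mapping so only ciphertext remains reachable.
vault_close() {
    run umount "$VAULT_MNT" &&
    run cryptsetup luksClose "$VAULT_NAME"
}

# Copy the image only while it is closed, so the backup is consistent
# ciphertext and never races with writes through the mapping.
vault_backup() {
    if vault_is_open; then
        echo "vault is open; close it before backing up" >&2; return 1
    fi
    run cp -p "$VAULT_IMG" "${1:?backup destination required}"
}

case "${1:-}" in
    create|open|close|backup) cmd=$1; shift; "vault_$cmd" "$@" ;;
esac
```

Running a function with DRY_RUN=1 prints the command sequence without touching any device, which is a quick way to review it before running it for real.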
On Mon, Aug 10, 2009 at 1:23 PM, Joseph L. Casale <JCasale at activenetwerx.com> wrote:
> Anyone got any experience/suggestions for a way to store a directory of
> sensitive information on a CentOS box? This directory contains many scripts
> and output files, I need it backed up but not unencrypted and don't want
> to store it in a tar file type archive as when it needs to be accessed and
> have scripts executed/data generated, it needs to be untarred/unencrypted and
> I don't know the ramifications of this wrt recovery once it's retarred and deleted.
> I was hoping it could be stored somehow such that it was decrypted on the fly when
> needed by entering a pass/keyphrase before use.
>
> Thus it could be backed up and remain encrypted. Is dm-crypt the simplest option
> here?

I kinda dig the FUSE encryption module:

http://prefetch.net/blog/index.php/2007/05/29/encrypting-data-with-the-fuse-encryption-module/

Easy to set up, and works like a charm.

Hope this helps,
- Ryan

--
http://prefetch.net