Re: [Gnu-arch-users] Encrypted archives?

[Robin Green]

On Thu, Oct 28, 2004 at 08:04:02AM +0000, Johann [Myrkraverk] Oskarsson wrote:
> Dmitriy Nikitinskiy writes:
>  > Maybe try place archive and work directory to encryped filesystem?
>  > You can create they in regular file and mount via loopback device
>  > when need work with tla.
> 
> Yes, this would work, for privacy, but in the case I wanted to
> distribute the archive to a finite set of people as outlined in my
> first mail, I'd had to transfer the entire filesystem (read archive),
> to that person where it would be decrypted, and than read from, even
> for just a single patch.
> 
> There was another mail with some references to scripting and stuff,
> but I think the end result would be the same, transferring the entire
> archive for individual patches, and I think this can become extremely
> expensive, particularly if I start to mention laptops using dialup in
> a hotelroom...
> 
> So despite the validity of those tips -- I will investigate the
> stuff -- my original question remains valid and (semi) un-answered.

CFS over NFS over SSH (!!) is a theoretical possibility, I think.
I haven't tried it though.

For NFS over SSH, see: http://www.math.ualberta.ca/imaging/snfs/
Note: "No changes to the kernel or existing daemons are required."

With CFS over NFS, the idea would be that you first mount an NFS share
containing the encrypted store, run a CFS daemon on the "local" side
pointed to the NFS mount point, and then mount the CFS filesystem
(which is exposed as an NFS share on the local machine) locally.
Et voila, transparent distributed filesystem. Again, CFS does not
require any changes to the kernel - it is 100% userland.

In theory. As I said, I haven't tried it. Although, I have tried CFS
on its own. It works well. Make sure you do backups correctly though.

-- 
Robin

pgp0gF4hgiTDD.pgp
Description: PGP signature