Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?

brent timothy saner on 9 Mar 2014 11:04:47 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?

From: brent timothy saner <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
Date: Sun, 09 Mar 2014 14:04:35 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:openpgp:content-type:content-transfer-encoding; bh=HYVQC1vLIp7wNnHc6AYAuPvKM1n6eGGg46DMdxmswdk=; b=k38DxNNrYy1fbk5wtyfdd+hJCot3MGoZr1/99CKoGQ9b6yTFMSv5zSPZI+BD8j+2Hq bOH/2cCz2dOts7CVHMd9IIPHpVtyCxBv2JS1guP9nvF+zUBuIRVptEVuAXgfOS4gNq3h 408dm/ekJsu9lZaosiAQdghIYuZMLC5r91HxjRphfeldNUwyljBmzmTBz5ek4ilCSX8X iN3+2/KuTKYGSOjsgkouf/IzhXkPkOOWb7sH22Ur9fwNVxZ/VdV3OaLDpD7QUcj02eAu soRjHGbf1gbyFzt/f97usg6P99ktYNEZ9nrnJJEEqCI9bWM5nfBQeTZZNjiln5jSvO82 fcFw==
Openpgp: id=93481F6B
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/09/2014 01:43 PM, Louis Kratz wrote:
> Yup, I'm pretty familiar with git-crypt. I'm considering that but
> am concerned about which cloud service that would be best with. I 
> definitely would not want it on github, and don't know exactly how 
> secure openssl encryption is for long-term storage (vs., say, man
> in the middle attacks).

personally, i'd just set up a loopback device/file and use LUKS or
gpg-encrypt them.

pain in the ass, sure, but there[0] are[1] some good solutions to make
the process less painful if you aren't into scripting. for your
specific instance (encrypted versioning), what i'd do is:

dd if=/dev/zero of=~/stuff.img bs=1M count=5120 #5Gb; adjust count= if
needed
losetup /dev/loop1 ~/stuff.img
cryptsetup luksFormat /dev/loop1
cryptsetup luksOpen /dev/loop1 taxes
mkfs.ext4 /dev/mapper/taxes
mkdir -p /mnt/taxes
mount /dev/mapper/taxes /mnt/taxes
cd /mnt/taxes ; git init .
## cp -a all your sensitive information to /mnt/taxes here
git add --all .
cd ; umount /mnt/taxes
scp ~/stuff.img [<user>@]<server/service>:/absolute/path/.

that way you get incredibly strong encryption (thanks to
LUKS/dm-crypt), but also versioning (and the versioning itself is kept
from prying eyes). just overwrite the destination file since the
versioning would be in the encrypted filesystem image itself. not
*quite* what you asked for, but definitely the most secure option.

[0] http://www.gnupg.org/related_software/frontends.html
[1] https://code.google.com/p/zulucrypt/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTHK0zAAoJEIwATC+TSB9r6dgQAM4ZRIcXgf11ePocL74at7bF
Ak39x3g0DOxBJYnawewSntESAg+L6a1qgVgvm7BLX9SXfk3OwTxervmMc1cr5HOx
Yu7Jk5D+5PMj30teYqBk9impNZD4SICyqx6NQuXqbeyxeUKlkKjPq+/doidAlwYJ
a/7t/P3X5JtVEu1IYpskUHnWtS9cEU2+VXM2wWlPQWJ3aY7+xZn9tSYiFjYBywKd
D38VrvHp4+zThoRgg2wbfs1hShONy8OpaSL81i4gV6yPte8nGZPZsFbwYSWq7KKg
UHsRYjHwHIMJ/cOsVuDKdwqsdvI5nCmXzALETFdVn2sUZ3nOPfcOF2nh3Fr7GLxX
Ew6i96sUHYcvX8avP4g6vewDK8cS2N6WQbcYk1Acl72n2kCJyjEUS4DKM/piCR6K
Pzt8qt9Yl9o5fXAbYNBRQ987k3cUXtWjSgbIG3cN9AKT73U1y4/ZgJAz5CSOaK9w
orZyRzEH5lyhBz+T6Bh8lGi6k2Y74FZIsf34ljKrueQeoaogk7L4WEB16DlRQg14
nRAW1wnd4zpIpBoLf8+x0pHpozBqSqMCmujQxgwJ2HHwyXj7FHE+o8sU+a2Ft0iT
vIBqt9Dl5ut7zcq+/pfcMrf3vjy6YzhCjSesx2Q/O1d4RcXHNGFMBShvvAJqVPgs
c/ztpNHxH9GO1fxu4en9
=4qb0
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
  - From: Louis Kratz <louis.kratz@gmail.com>

References:
- [PLUG] Encrypting Sensitive Personal Information In the Cloud?
  - From: Louis Kratz <louis.kratz@gmail.com>
- Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
  - From: brent saner <brent.saner@gmail.com>
- Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
  - From: Louis Kratz <louis.kratz@gmail.com>

Prev by Date: Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
Next by Date: Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
Previous by thread: Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
Next by thread: Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?
Index(es):
- Date
- Thread