brent timothy saner on 9 Mar 2014 11:04:47 -0700



Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?



On 03/09/2014 01:43 PM, Louis Kratz wrote:
> Yup, I'm pretty familiar with git-crypt. I'm considering that but
> am concerned about which cloud service that would be best with. I 
> definitely would not want it on github, and don't know exactly how 
> secure openssl encryption is for long-term storage (vs., say, man
> in the middle attacks).

personally, i'd just set up a loopback device/file and use LUKS or
gpg-encrypt them.

pain in the ass, sure, but there[0] are[1] some good solutions to make
the process less painful if you aren't into scripting. for your
specific instance (encrypted versioning), what i'd do is:

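dd if=/dev/zero of=~/stuff.img bs=1M count=5120  # 5 GiB; adjust count= if needed
losetup /dev/loop1 ~/stuff.img
cryptsetup luksFormat /dev/loop1
cryptsetup luksOpen /dev/loop1 taxes
mkfs.ext4 /dev/mapper/taxes
mkdir -p /mnt/taxes
mount /dev/mapper/taxes /mnt/taxes
cd /mnt/taxes ; git init .
## cp -a all your sensitive information to /mnt/taxes here
git add --all .
git commit -m "initial import"  # git add only stages; commit records the version
cd ; umount /mnt/taxes
cryptsetup luksClose taxes  # close the mapping so the image file is consistent
losetup -d /dev/loop1       # detach the loop device before copying
scp ~/stuff.img [<user>@]<server/service>:/absolute/path/.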

that way you get incredibly strong encryption (thanks to
LUKS/dm-crypt), but also versioning (and the versioning itself is kept
from prying eyes). just overwrite the destination file since the
versioning would be in the encrypted filesystem image itself. not
*quite* what you asked for, but definitely the most secure option.


[0] http://www.gnupg.org/related_software/frontends.html
[1] https://code.google.com/p/zulucrypt/

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
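
A pre-upload guard for the scp step in the message above, as an added example that is not part of the original post: it confirms the file begins with a LUKS header and is no longer attached to a loop device before it leaves the machine. The function names luks_version and safe_to_upload are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): refuse to upload an image
# unless it starts with a LUKS header and is not attached to a loop device.

# Print the LUKS on-disk format version (1 or 2) of file $1; fail if the
# file does not begin with the LUKS magic bytes "LUKS" 0xBA 0xBE.
luks_version() {
    local hdr
    [ -r "$1" ] || return 1
    # First 8 bytes as hex: 6-byte magic + 2-byte big-endian version.
    hdr=$(head -c 8 < "$1" | od -An -v -tx1 | tr -d ' \n')
    case "$hdr" in
        4c554b53babe0001) echo 1 ;;
        4c554b53babe0002) echo 2 ;;
        *) return 1 ;;
    esac
}

# Succeed only if image $1 looks safe to copy to an untrusted host.
safe_to_upload() {
    local img=$1
    [ -f "$img" ] || { echo "not a regular file: $img" >&2; return 1; }
    luks_version "$img" >/dev/null ||
        { echo "no LUKS header, refusing to upload: $img" >&2; return 1; }
    # A still-attached loop device means the container may be open or
    # mid-write; losetup -j lists loop devices backed by the file.
    if command -v losetup >/dev/null 2>&1 &&
       [ -n "$(losetup -j "$img" 2>/dev/null)" ]; then
        echo "still attached to a loop device: $img" >&2
        return 1
    fi
    return 0
}

# Usage, with the placeholder destination from the message:
#   safe_to_upload ~/stuff.img && scp ~/stuff.img <user>@<server>:/absolute/path/.
```

The header check only shows that the file is a LUKS container, not that every sensitive file was copied into it rather than left beside it.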