Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I want to encrypt data coming over the wire and write it to disk encrypted. This is details of members of a NFP organization.
I've searched on the net and found only "loop-AES" as a likely suitable tool.
1) Is there other tools? (I do not want to encrypt a file or a partition or a disk)
2) Does anyone know of a suitable howto or similar?
3) The data is encrypted coming through HTTPS, Is there a way I can make use of that encrypted data?
It seems silly to me that the in-coming data has to be decrypted and then encrypted again.
It's not a stupid question. Here in .au the tax office calls it a "Not For Profit" organization, other countries will probably have other acronyms.
I probably have the wrong concept of encryption, according to what I've read and according to your answer I visualize the manual encryption of a file that would make this file unsuitable for expansion with non-encrypted data.
Does file encryption mean that when non-encrypted data is appended to the file, it is detected that the file is encrypted and the data is then encrypted before being appended? Does the same apply to a partition or a disk?
I've not found anything on the web explaining this point. All I've found is relating to someone deciding "well.. I'll encrypt the file now" which is not what I need.
I've searched LQ answers but if my perception of encryption is wrong, I've probably entered unsuitable keywords which lead to my finding not much.
Thanks to Matir.
The encryption is only intended to protect the data in case the computer is stolen.
The system is still to be implemented but the idea we have is to synchronize a few computers in different locations as servers and set them up so that if the main server gets offline, another one takes over within minutes.
The automatic reboot is not contemplated at all, on the contrary.
These computers are likely to be set up in different countries.
The encrypted file(s) will have to be read at random, for example if a user/client wants to change some details (address or password etc), The files involved are "flat files".
I suppose I can just read one record like any other unencrypted file.
How can I find the length of the record created by md-crypt without having to go through the docs of each encryption methods supported by md-crypt?
This makes it more complicated than I anticipated.
What is the common approach then? For example the encrypted file contains names and addresses and a member wants to change his or her details with a change of address.
Is a file of 4 members making a bock of 512 bytes a possibility?
Quite honestly, I'm not aware of any cases of much being stored in an encrypted disk/file for multi-user access. I store a list of my more obscure passwords in a GPG-encrypted file, but that's about all I know of.