I have yet to find an encryption solution that I'm really happy about. I've been using ubuntu's native home encryption while I figure out what I want to do.

My main concern is security. I manually mount. It'd be nice to automount, but I don't see how that can be secure.

I would like to use a solution that doesn't involve pre-allocating space. Still on the fence with if I wan't file names to be visible.


What are your encryption solutions? Server/Desktop, whatever.

Well, I use "realcrypt" but I pre-allocate space.

I select and mix SSL, GPG, EncFS or LUKS depending on goal.
If the goal requires mounting manually then so be it.

I'm using a combination of LUKS, TrueCrypt, and GPG. A word of caution about automounting. This typically means having a key file or passphrase available at mount time, which may undo your security goals.

1 members found this post helpful.

Possibly sshfs ?

I made a couple of years a go, a live cd that when you installled it, would encrypt the swap, root and home, then copy the contents of the live cd to hard drive. It would then create a decryption cd that you could either hold the decryption keys on it, or upload/download the from a ssh server. Unfortunately i don't think i still have a copy of it around, might have been something you could have used, I've have been trying to work on another later version but don't have the time over the last year or so.

AAAAAAActually, I failed to state my main goal here. I need to share the encrypted media over the network.

With Windows, I create a share after I mount the encrypted media.

But with linux, I don't know how to mount that encrypted media and make it available to network clients.

Also, with TrueCrypt I will not be able to mount read-write more than once so that's out!

I'm researching ecryptfs, but if I had the answer I wouldn't be posting this



***Is there a way I can just share the TrueCrypt media at the application level like Windows? (not sure if that made sense)

The media is already encrypted and you want it to be safe over the network? Since you are researching means of encryption, you haven't decided how that media encryption is to be done,yet. You might include "encfs" in your research. It is similar to "ecryptfs" except that it is FUSE based, so it's easier to use by end users on Linux.

I've used NFS as a backing store with encfs. Client machines mount the NFS volume, then mount encfs over that and access files via the encfs encrypted mount point. What's stored is encrypted (subject to a few things encfs doesn't hide, like how many files there are, etc).

If you also want cross compatibility with Windows for the same data, you may be out of luck, because Windows tends to have commercial products from companies that want to make it as hard as possible to share with Linux.

1 members found this post helpful.

No, I want it safe on the disk, network security is a non-issue. I don't care about Windows, I'm phasing that crap out and you're helping!

Ideally, what I'd like to do is mount the encrypted media on the server and share the encrypted media on the network with NFS. Is that possible?

Thanks

Yes you can create an encrypted container or partition, mount it, and then share the mount via NFS.

There are actually a lot of methods you could use to do this. I personally like LUKS a lot but that is just me.

nomb

1 members found this post helpful.

^I feel stupid. Moreso satisfied.

Thank you.