LinuxQuestions.org

rblampain 07-28-2005 09:58 AM

writing encrypted data to disk
 
I want to encrypt data coming over the wire and write it to disk encrypted. These are details of members of a NFP organization.
I've searched on the net and found only "loop-AES" as a likely suitable tool.
Questions:
1) Are there other tools? (I do not want to encrypt a file or a partition or a disk)

2) Does anyone know of a suitable howto or similar?

3) The data is encrypted coming through HTTPS. Is there a way I can make use of that encrypted data?
It seems silly to me that the incoming data has to be decrypted and then encrypted again.

Thank you for your help.

Matir 07-28-2005 04:07 PM

You *MUST* encrypt one of a file, partition or disk. Unfortunately, due to the nature of HTTPS versus on-disk encryption, you can't use it directly.

And, on a stupid question, what is an NFP organization?

rblampain 07-28-2005 10:05 PM

It's not a stupid question. Here in .au the tax office calls it a "Not For Profit" organization, other countries will probably have other acronyms.

I probably have the wrong concept of encryption. According to what I've read and according to your answer, I visualize the manual encryption of a file, which would make this file unsuitable for expansion with non-encrypted data.

Does file encryption mean that when non-encrypted data is appended to the file, it is detected that the file is encrypted and the data is then encrypted before being appended? Does the same apply to a partition or a disk?

I've not found anything on the web explaining this point. All I've found relates to someone deciding "well.. I'll encrypt the file now", which is not what I need.

I've searched LQ answers, but if my perception of encryption is wrong, I've probably entered unsuitable keywords, which led to my finding not much.

Thank you very much for your help.

Matir 07-28-2005 10:08 PM

Well, let's approach it this way: what are you trying to accomplish? What attack vectors do you imagine? Stolen hard disk? Hackers?

rblampain 07-29-2005 12:52 AM

Stolen computer. The computer involved will run unattended sometimes.

Matir 07-29-2005 08:36 AM

Encryption and unattended can be hard to achieve. Are you desiring that it be able to reboot automatically and access the encrypted data?

rblampain 07-29-2005 09:57 AM

Thanks to Matir.
The encryption is only intended to protect the data in case the computer is stolen.
The system is still to be implemented but the idea we have is to synchronize a few computers in different locations as servers and set them up so that if the main server gets offline, another one takes over within minutes.
The automatic reboot is not contemplated at all, on the contrary.
These computers are likely to be set up in different countries.

Matir 07-29-2005 10:33 AM

Well, if I were you, I would store this data on a dm-crypted partition or file. You'll still need to provide a passphrase once per boot to mount it, though.

rblampain 07-30-2005 01:06 AM

Thank you Matir.

rblampain 07-31-2005 12:09 AM

The encrypted file(s) will have to be read at random, for example if a user/client wants to change some details (address or password etc.). The files involved are "flat files".

I suppose I can just read one record like any other unencrypted file.
How can I find the length of the record created by dm-crypt without having to go through the docs of each encryption method supported by dm-crypt?

Thank you.

Matir 07-31-2005 12:33 PM

That would really depend on the crypto algorithm, but to unencrypt a subset of the file would only be possible with a block cipher, not a stream cipher, and only then in whole block increments.

rblampain 07-31-2005 09:43 PM

This makes it more complicated than I anticipated.
What is the common approach then? For example the encrypted file contains names and addresses and a member wants to change his or her details with a change of address.

Is a file of 4 members making a block of 512 bytes a possibility?

Thank you Matir.
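
Added example, not part of the thread: a sketch of the whole-block granularity discussed above, with four 128-byte records per 512-byte sector as in the question, showing that changing one record means decrypting, patching and re-encrypting its entire sector. The cipher is a constructed HMAC-SHA256 Feistel stand-in chosen so the code runs on the Python standard library alone; it is not the cipher dm-crypt uses, and all function names are hypothetical.

```python
import hashlib, hmac, io

SECTOR = 512          # unit the cipher works on
RECORD = 128          # fixed-length member record, 4 per sector
HALF = SECTOR // 2

def _f(key, sector_no, rnd, data):  # round function: HMAC-SHA256 expanded to HALF bytes
    prefix = sector_no.to_bytes(8, "big") + bytes([rnd])
    return b"".join(hmac.new(key, prefix + bytes([c]) + data, hashlib.sha256).digest()
                    for c in range(HALF // 32))

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sector(key, sector_no, plain):
    # Stand-in wide-block cipher (4-round Feistel), tweaked by sector number
    left, right = plain[:HALF], plain[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, sector_no, rnd, right))
    return left + right

def decrypt_sector(key, sector_no, cipher):
    left, right = cipher[:HALF], cipher[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, sector_no, rnd, left)), left
    return left + right

def read_record(dev, key, idx):
    sector_no, off = divmod(idx * RECORD, SECTOR)
    dev.seek(sector_no * SECTOR)
    return decrypt_sector(key, sector_no, dev.read(SECTOR))[off:off + RECORD]

def write_record(dev, key, idx, record):
    # Read-modify-write: the whole sector is decrypted, patched, re-encrypted
    sector_no, off = divmod(idx * RECORD, SECTOR)
    dev.seek(sector_no * SECTOR)
    plain = bytearray(decrypt_sector(key, sector_no, dev.read(SECTOR)))
    plain[off:off + RECORD] = record[:RECORD].ljust(RECORD, b"\0")
    dev.seek(sector_no * SECTOR)
    dev.write(encrypt_sector(key, sector_no, bytes(plain)))

def demo():
    key = hashlib.sha256(b"constructed demo passphrase").digest()
    dev = io.BytesIO(b"".join(encrypt_sector(key, s, bytes(SECTOR)) for s in range(2)))
    for i in range(8):                      # constructed sample records
        write_record(dev, key, i, b"member%d;old address" % i)
    before = dev.getvalue()
    write_record(dev, key, 5, b"member5;new address")
    after = dev.getvalue()
    changed = [s for s in range(2) if before[s*SECTOR:][:SECTOR] != after[s*SECTOR:][:SECTOR]]
    return changed, read_record(dev, key, 5).rstrip(b"\0"), read_record(dev, key, 4).rstrip(b"\0")
```

On a dm-crypt volume the kernel performs this per-sector work below the filesystem, so the application reads and writes records at ordinary file offsets.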

Matir 07-31-2005 10:20 PM

Quite honestly, I'm not aware of any cases of much being stored in an encrypted disk/file for multi-user access. I store a list of my more obscure passwords in a GPG-encrypted file, but that's about all I know of.

rblampain 07-31-2005 11:12 PM

Thank you Matir. I'll have to make myself more knowledgeable about dm-crypt.

Matir 07-31-2005 11:38 PM

No problem. Let me know if you have any more questions I can answer.


All times are GMT -5.