support "reverse" mode
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eCryptfs | Won't Fix | Wishlist | Unassigned | |
Bug Description
Normally eCryptfs works by encrypting all writes in highfs and writing this encrypted data in lowfs. One very nice feature is that encrypted files from lowfs can be safely synchronized with some backup server (modification times and other file properties are accessible), for example using rsync.
Example:
/home/baryluk/
|
\------> rsync to server
I think it would be a very good idea to somehow support a reversed mode of operation. We have some directory with plain text files (e.g. a whole file system), and want to securely back it up to a remote unsafe location. I would like to mount it to some directory and view there virtual files which will be encrypted, and can be securely backed up.
Example:
/home/baryluk/ (plain) ------ecryptfs-
What are the advantages of this?
The whole file system can be encrypted this way.
Most of the time the content of files doesn't really need to be encrypted. Most backup tools first consider metadata. Only the size of the encrypted file needs to be calculated correctly.
There are no performance issues with encrypting all your data.
The format of encrypted files is compatible with eCryptfs, so backups can be restored easily knowing the full passphrase.
What do you think about this?
Changed in ecryptfs:
importance: Undecided → Wishlist
Changed in ecryptfs:
status: New → Confirmed
information type: Public → Public Security
information type: Public Security → Public
The only problem I can see with this is if there is some additional data in the header of the encrypted file which can be random (for example part of the encryption key). Then it is impossible to safely encrypt data to exactly the same form.
There are some ways, but none really perfect:
1. reading headers of the encrypted file in the remote location,
2. storing headers in some other place,
3. using some predefined value for all files,
4. using a simple scheme based on the content of the file, so reconstructing this data in a deterministic way is easy.
So the question is whether there is any additional random data needed to encrypt. I think there is, because simply doing:
touch ~/Private/{a,b}; md5sum ~/.Private/* (different md5sums)
leads to the conclusion that encrypted files are keyed with some additional random information besides my key.
My option is for solution number 3.
There is also a problem when data in lowfs is changing while reading data in highfs, but standard eCryptfs has similar problems. And actually any backup tool will have this problem. This can be resolved using standard snapshotting techniques (particularly easy on btrfs or ZFS).
I forgot to add that reverse mode should be mounted only with the read-only flag.
Still waiting for some comments. :)
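A simplified model of the header question raised in the comments above, added here as an example; it is not eCryptfs code and does not follow its on-disk format. It compares a random per-file header value with option 3 (one predefined value) and option 4 (a value derived from the file content). The 16-byte header seed, the HMAC-SHA256 keystream standing in for the real cipher, and all function names are assumptions.

```python
import hashlib, hmac, os

# Constructed mount key; stands in for the key derived from the passphrase.
MOUNT_KEY = hashlib.sha256(b"constructed example passphrase").digest()

def prf(label: bytes, data: bytes) -> bytes:
    return hmac.new(MOUNT_KEY, label + data, hashlib.sha256).digest()

def encrypt(plaintext: bytes, seed: bytes) -> bytes:
    """Toy format: 16-byte header seed, then plaintext XOR a keystream.
    HMAC-SHA256 in counter mode stands in for the real cipher."""
    file_key = prf(b"key", seed)
    stream, ctr = b"", 0
    while len(stream) < len(plaintext):
        stream += hmac.new(file_key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return seed + bytes(p ^ s for p, s in zip(plaintext, stream))

# Three ways to choose the per-file header value.
def seed_random(plaintext: bytes) -> bytes:   # random data, as the md5sum test suggests
    return os.urandom(16)

def seed_fixed(plaintext: bytes) -> bytes:    # option 3: one predefined value for all files
    return b"\x00" * 16

def seed_content(plaintext: bytes) -> bytes:  # option 4: derived from the file content
    return prf(b"seed", plaintext)[:16]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def evaluate(seed_fn, file_a: bytes, file_b: bytes) -> dict:
    """file_a and file_b are different plaintexts of equal length."""
    a1 = encrypt(file_a, seed_fn(file_a))
    a2 = encrypt(file_a, seed_fn(file_a))   # second read of the same file
    b1 = encrypt(file_b, seed_fn(file_b))
    return {
        # The backup copy only stays unchanged if repeated reads match.
        "stable_across_reads": a1 == a2,
        # True means XOR of two ciphertexts equals XOR of the plaintexts.
        "keystream_reused": xor(a1[16:], b1[16:]) == xor(file_a, file_b),
    }

if __name__ == "__main__":
    a, b = b"constructed file A\n", b"constructed file B\n"
    for fn in (seed_random, seed_fixed, seed_content):
        print(fn.__name__, evaluate(fn, a, b))
```

In this model a fixed value makes the output reproducible but reuses the same keystream for every file, while a content-derived value stays reproducible and only reveals when two files are identical.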