
I'm setting up an encrypted file storage on a remote server and I want to be able to use it transparently on my system. I want to be able to de-/encrypt them locally so that the server hosting the files won't be able to see what is stored. (So I can store sensitive files on pretty much any VPS, without having to consider their trustworthiness or the security of their infrastructure.)

My current battle plan is to use NFS through SSH, with a dmcrypt container which is then mounted by the client. (I thought about using SSHFS, but multiple users are going to use the same share, which SSHFS's Wikipedia page advised against.)

So my question is:

  • If I have a dmcrypt container on a NFS server, will the file encryption/decryption happen locally on the client or remotely on the NFS server?

I would also appreciate it if you have any obvious caveats or gotchas I should be careful to avoid :)

1 Answer

dmcrypt is a Linux feature; the encryption happens on your Linux client.

NFS provides basic file operations such as open, close, read, and write. From the NFS server's point of view, your client is just doing those basic file operations on a huge file. It doesn't care what the contents are, what format the contents are in, or what the contents mean.

You should consider, though, that if your connection is ever disrupted, your dmcrypt image could become corrupted. (If you weren't running an entire image on NFS, then the damage would be limited to specific files that were open at the time of the disruption.)

200_success
  • Thanks for your answer! About file corruption, I intend to format the container with a journaling filesystem so if the connection dropped the errors would most likely be recoverable, while also having regular backups of the container. – jimboreeno Sep 08 '13 at 19:44
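
The setup discussed in this thread, sketched as a client-side script. This is an added example, not code from the question or the answer. The paths, the mapping name `vault` and the lock directory are assumptions; the lock is included because a non-cluster filesystem such as ext4 inside the container must not be mounted by two clients at the same time, which matters when several users share the export.

```shell
#!/bin/sh
# Added example: dm-crypt/LUKS container file kept on an NFS mount.
# All crypto runs in cryptsetup on the client; the server only stores ciphertext.
# Assumed names (not from the post): /mnt/nfs/vault.img, mapping "vault", /mnt/vault.
set -eu
IMG=${IMG:-/mnt/nfs/vault.img}
NAME=${NAME:-vault}
MNT=${MNT:-/mnt/vault}
SIZE=${SIZE:-10G}
LOCK="$IMG.lock"

# mkdir either creates the directory or fails, so only one client gets the lock.
# Two clients mounting the same ext4 container at once would corrupt it.
take_lock() {
    if mkdir "$LOCK" 2>/dev/null; then
        uname -n > "$LOCK/owner"
    else
        echo "container in use by: $(cat "$LOCK/owner" 2>/dev/null || echo unknown)" >&2
        return 1
    fi
}
drop_lock() { rm -rf "$LOCK"; }

create_container() {
    truncate -s "$SIZE" "$IMG"         # sparse backing file on the NFS share
    cryptsetup luksFormat "$IMG"       # passphrase is entered on the client
    cryptsetup open "$IMG" "$NAME"     # cryptsetup attaches a loop device itself
    mkfs.ext4 "/dev/mapper/$NAME"      # journaling filesystem inside the mapping
    cryptsetup close "$NAME"
}

open_container() {
    take_lock || return 1
    if cryptsetup open "$IMG" "$NAME" && mount "/dev/mapper/$NAME" "$MNT"; then
        return 0
    fi
    cryptsetup close "$NAME" 2>/dev/null || true   # undo a half-finished open
    drop_lock
    return 1
}

close_container() {
    umount "$MNT"                      # flush the filesystem into the mapping
    cryptsetup close "$NAME"           # remaining ciphertext goes out over NFS
    drop_lock
}

case "${1:-}" in
    create) create_container ;;
    open)   open_container ;;
    close)  close_container ;;
esac
```

Run it as root with `create`, `open` or `close`. A lock left behind by a client that crashed has to be removed by hand after checking that no other client still has the container mounted.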