I started trying to implement encfs based syncing but immediately ran into the following, quite well-documented problem:
22:28:37 (FileUtils.cpp:375) Archive exception: stream error 22:28:37 (FileUtils.cpp:326) Found config file encfs6.xml, but failed to load The problem is that I'm using different versions of ubuntu on my laptop and desktop so I guess they have different boost libraries. While I'll probably eventually sync them up I'm wondering if there's any way to salvage the situation. Is the encfs6.xml file just used to store the password? If so can I just generate a different encfs password on both machines but using the same password, etc...? If so will they both be able to decrypt the shared dirs or is that too easy? Alternately are there statically compiled encfs binaries available (or an easy way to set them up) that I could just use on both machines (I had to do this for unison anyway as its very version-sensitive too). thanks for any help (and all the help already offered!) On 03/01/2012 04:44 AM, Anthony Thyssen wrote: > On Wed, 29 Feb 2012 15:56:52 +0100 > Prefer Anon <my.m...@gmail.com> wrote: > | Hi Anthony, > | > | I may have been a bit unclear in what I was stating. I have three > | machines: a desktop, a laptop and a server. On the server i only wanted > | data stored in encrypted form (in case its compromised) whereas the > | desktop/laptop I'm using unencrypted for now (though might eventually > | encrypt). The desktop and laptop can mount the server using sshfs so when > | I say things like /server/laptop_enc I mean the sshfs mounted directory > | laptop_enc that really sits on the server. > | > Ok, what I initially thought. > > So to sync > mount the encrypted data using sshfs (or nfs) > create a encfs unencryted mount > unison locally between that and your local copy. > terminate encfs > terminate sshfs > > OR > encfs -reverse a encrypted version of the local data > unison between that and the server > terminate encfs > > OR > unison between server and a local encrypted data copy > and encfs to craete working unencrypted form when needed. > > All three will work. > > Other schemes involve a double sync > server <-> local encrytped <-> local unencrypted > and probably best avoided. > > Only the first uses unison on unencrypted data for conflict resolution, > that is when you change data differently on different machines without > syncing before the change. > > If unison is only working on encrypted data, you can replace unison with > other 'cloud' solutions (the server is somewhere in the cloud), that syncs > encrypted data, and may keep it synced anytime you are online. > For example dropbox. > > | 1 - Syncing encrypted blocks can be very confusing as I guess encfs has a > | complicated internal representation of the files. > | > That may only be a problem with sshfs whcih may not do 'block' level access. > EG only whole files are sync'ed. not partial files. > But encfs meta-data handling should keep that at a minimum. > > | 2 - How do I get the encfs keys between the desktop and the laptop without > | going through the server (which would invalidate the whole point of only > | keeping an encrypted copy there). > | > You will need to copy them at some point. > By default encfs (in reverse mode) copies the ".encfs6-config" file > between filesystems. I do not believe it does in normal forward mode. > > I myself prefer to keep ".encfs6-config" completely separate as added > security mechanism. And even add a extra password layer to allow user > passwords to be changed without needing the encrytped data to be > changed. Different users on different machines can have their own > separate password to the same data. Makes it easier for individuals. > > > | I am not sure about the final arrangement that makes sense here but in any > | setup the last question above will be an issue. How can I get the > | encryption keys easily between machines? > > USB, Mail, SCP? > > the file can be encrytped (is for me) and it really only has to be done > ONCE. > > | Are the keys generated once for > | each directory or are new keys generated for each file? I guess the same > | problem plagues people using encfs over dropbox with multiple machines. > | What do you need to get multiple machines to be able to decrypt the same > | encfs direcotry? > | > The key and config is only once for each encrypted mount. > and only needed when setting up teh mount. It does not need to be > available after the setup of encfs is complete. > > This is why I can store them in a file encrypted by the users key. > > > > > Anthony Thyssen ( System Programmer ) <a.thys...@griffith.edu.au> > -------------------------------------------------------------------------- > Zatherus warn Zartheris! But, arh, Zatheris never listens to Zatherus! > -- Babylon 5 > -------------------------------------------------------------------------- > Anthony's Castle http://www.ict.griffith.edu.au/anthony/ ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Encfs-users mailing list Encfs-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/encfs-users
