Neil Bothwick <n...@digimed.co.uk> writes: > On Fri, 01 Jan 2010 12:32:07 -0600, Harry Putnam wrote: > >> I want to encrypt a directory heirarchy on a remote machine where I >> don't have root. I can use either an openbsd, or gentoo remote. > > Provided the kernel has ecrypt support and the userspace utilities are > installed, you can use ecrypt to encrypt a directory as an ordinary user.
I just discovered the remote where I want to do this has mcrypt on board so thinking tar first to get around any directory problems and then mcrypt.... I haven't actually tried it yet but anyone know if that is a non-starter. What I'm actually thinking of doing: I have an encfs encrpted partition on my home machine.. However I want a back up offsite. The encrypted partition would be mounted, the contents tarred/gzipped, mcrypt'ed on home machine then scp'ed to the remote for offsite storage once a week or so, overwriting each time. The remote also has mcrypt so in a pinch I hope to be able to unencrypt there (on the remote) if need be.. (Home machine becomes unusable or cannot be accessed for one reason or another) There is some sensitive stuff in there. But not black helicopter caliber. I guess I'm asking; if the remote were hacked for some reason, would my mcripted tarball be an easy target? I'm pretty confident the encfs partition on home machine is fairly safe, even if the host is compromised... (I mean assuming this isn't CIA operatives ...) They'd have first to get my user passwd... (root cannot access the encfs files but I guess with root you could just reset the user passwd..). And then the encfs partition password (which cannot be reset without knowing the current passwd.
