[Remops] Encrypting Remailer filesystem
Grant Taylor
gtaylor at tnetconsulting.net
Sun May 26 19:10:38 BST 2019
On 5/26/19 11:49 AM, Stefan Claas wrote:
> No, I only remember when law enforcement paid Christian a visit that
> he told the a.p.a-s community that his file system was encrypted.
ACK
> Zax once told us the required steps he used to do so.
I'd be interested in seeing those.
> A motivation in doing so was not mentioned. But I think it does not
> hurt to do so.
Agreed.
> I think it was another thread.
>
> The Remailer Server.
ACK
In some ways, the server is a bit more annoying to do than a client.
Mostly because you have to have the keys where the server can access
them on boot (thereby defeating the purpose) or manually do it when the
server starts (thereby rendering the server non-functional until you do it).
> Thanks for the info!
You're welcome.
> If you have detailed steps for doing that for a Remailer I would
> appreciated it very much and also hope that it can be done while the
> Remailer runs and that it is hopefully easy to do.
No, I don't have any directions per se.
From memory, here's what I did.
1) Created a new virtual disk for my VPS.
2) Used cryptsetup to encrypt said disk.
3) Used cryptsetup luksOpen to open the encrypted disk and make it
accessible.
4) Formatted the accessible encrypted disk.
5) Mounted the formatted encrypted disk somewhere. (/var/LUKS for this
discussion)
6) Created symbolic links from the directories that I wanted to be
encrypted to their counterpart on the encrypted file system. I.e.:
/home -> /var/LUKS/home
/etc/mail -> /var/LUKS/mail
7) I don't remember if I did anything special for shutdown or just let
init scripts handle it.
8) I have a script that I manually run after boot that does the
cryptsetup luksOpen, mounts the decrypted device, and starts services
that depend on things on the encrypted file system.
It's not graceful. But it has been stable across many reboots for ~5 years.
It also means that an offline copy of the data that I care about is
going to be difficult to get to.
If I were to (when I do) do this again, I'd look into the state of
encrypted disk support in operating systems & init scripts. I think
more have better support (as in greater than zero) for things.
Aside: I think I like encrypted block devices with file systems on top
of them better than things that encrypt files on top of a regular
unencrypted file system.
Regarding swap: According to crypttab's man page, there are options to
have the system create random keys to (re)encrypt and remake swap on
each boot. Thus your swap partition has different encryption each boot.
The rotation isn't as important as having encrypted swap. However,
having encrypted swap makes it more difficult to diagnose things that
rely on dumps to swap. But, choose what's important for steady state
(encrypted swap) vs debugging (unencrypted swap or predictable key).
--
Grant. . . .
unix || die
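The following is an added example, not Grant's actual script: a sketch of the post-boot unlock routine from step 8 together with the "move a directory onto the LUKS volume and leave a symlink behind" operation from step 6, plus the random-key swap line from the crypttab remark. The device path /dev/vdb, the mapper name, the service names and the swap partition are assumptions.

```shell
#!/bin/sh
# Added example, not Grant's actual script: the post-boot unlock routine
# from step 8 and the "move a directory onto the LUKS volume, leave a
# symlink behind" operation from step 6. Device path, mapper name, mount
# point and service names are assumptions; adjust them for your host.
set -eu

LUKS_DEV="${LUKS_DEV:-/dev/vdb}"           # assumed: the extra virtual disk (step 1)
LUKS_NAME="${LUKS_NAME:-remailer}"         # opened as /dev/mapper/$LUKS_NAME
LUKS_MNT="${LUKS_MNT:-/var/LUKS}"          # mount point from the post (step 5)
SERVICES="${SERVICES:-mixmaster postfix}"  # assumed: services whose data live there

# Step 6: move $1 (e.g. /home) to $2/<basename> and replace it with a symlink.
# Safe to re-run: an already-correct symlink is left alone, and an existing
# target directory is never clobbered.
relocate_dir() {
    src="$1"; root="$2"; dst="$root/$(basename "$src")"
    if [ -L "$src" ]; then
        [ "$(readlink "$src")" = "$dst" ] && return 0
        echo "refusing: $src already links to $(readlink "$src")" >&2; return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing: $dst already exists" >&2; return 1
    fi
    mkdir -p "$root"
    mv "$src" "$dst"
    ln -s "$dst" "$src"
}

# Step 8: run by hand after each boot. The passphrase is typed at the prompt,
# so no key material is stored on the host, and the services that depend on
# the encrypted data are started only once the mount is in place.
unlock_and_start() {
    [ -e "/dev/mapper/$LUKS_NAME" ] || cryptsetup luksOpen "$LUKS_DEV" "$LUKS_NAME"
    mountpoint -q "$LUKS_MNT" || mount "/dev/mapper/$LUKS_NAME" "$LUKS_MNT"
    for svc in $SERVICES; do service "$svc" start; done
}

# Swap with a fresh random key each boot, as an /etc/crypttab line (see
# crypttab(5)); /dev/vda2 is an assumed swap partition:
#   cswap  /dev/vda2  /dev/urandom  swap,cipher=aes-xts-plain64,size=256

# Defining the functions is harmless; the unlock runs only when asked for.
if [ "${1:-}" = "unlock" ]; then
    unlock_and_start
fi
```

Run `relocate_dir /home /var/LUKS` once per directory (with the volume already mounted and the services stopped), then `sh unlock.sh unlock` as root after each reboot.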