[Remops] Encrypting Remailer filesystem

Grant Taylor gtaylor at tnetconsulting.net
Sun May 26 19:10:38 BST 2019


On 5/26/19 11:49 AM, Stefan Claas wrote:
> No, I only remember when law enforcement paid Christian a visit that 
> he told the a.p.a-s community that his file system was encrypted.

ACK

> Zax once told us the required steps he used to do so.

I'd be interested in seeing those.

> A motivation in doing so was not mentioned. But I think it does not 
> hurt to do so.

Agreed.

> I think it was another thread.
> 
> The Remailer Server.

ACK

In some ways, the server is a bit more annoying to do than a client. 
Mostly because you have to have the keys where the server can access 
them on boot (thereby defeating the purpose) or manually do it when the 
server starts (thereby rendering the server non-functional until you do it).

> Thanks for the info!

You're welcome.

> If you have detailed steps for doing that for a Remailer I would 
> appreciate it very much and also hope that it can be done while the 
> Remailer runs and that it is hopefully easy to do.

No, I don't have any directions per se.

From memory, here's what I did.

1)  Created a new virtual disk for my VPS.
2)  Used cryptsetup to encrypt said disk.
3)  Used cryptsetup luksOpen to open the encrypted disk and make it accessible.
4)  Formatted the accessible encrypted disk.
5)  Mounted the formatted encrypted disk somewhere.  (/var/LUKS for this discussion)
6)  Created symbolic links from the directories that I wanted to be encrypted to their counterpart on the encrypted file system.  I.e.:
        /home -> /var/LUKS/home
        /etc/mail -> /var/LUKS/mail
7)  I don't remember if I did anything special for shutdown or just let init scripts handle it.
8)  I have a script that I manually run after boot that does the cryptsetup luksOpen, mounts the decrypted device, and starts services that depend on things on the encrypted file system.

It's not graceful.  But it has been stable across many reboots for ~5 years.

It also means that an offline copy of the data that I care about is 
going to be difficult to get to.

If I were to (when I do) do this again, I'd look into the state of 
encrypted disk support in operating systems & init scripts.  I think 
more have better support (as in greater than zero) for things.

Aside:  I think I like encrypted block devices with file systems on top 
of them better than things that encrypt files on top of a regular 
unencrypted file system.

Regarding swap:  According to crypttab's man page, there are options to 
have the system create random keys to (re)encrypt and remake swap on 
each boot.  Thus your swap partition has different encryption each boot. 
The rotation isn't as important as having encrypted swap.  However, 
having encrypted swap makes it more difficult to diagnose things that 
rely on dumps to swap.  But, choose what's important for steady state 
(encrypted swap) vs debugging (unencrypted swap or predictable key).



-- 
Grant. . . .
unix || die
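The manual post-boot script from step 8 (with a matching shutdown counterpart for step 7), written out as an added example. This is not Grant's actual script and not part of the original message; the device path /dev/vdb, the mapper name, the mount point /var/LUKS, the service names and the link pairs are assumptions to be adjusted to your own layout. Before touching the disk it verifies that each directory from step 6 is still a symlink into the encrypted file system, because a package upgrade or a stray mkdir that silently replaces the link with a real directory is exactly how data ends up on the unencrypted root again.

```shell
#!/bin/sh
# unlock-luks.sh: manual unlock / lock helper for a remailer VPS.
# Added example, not the original poster's script. All paths, names and
# services below are hypothetical defaults; override them via environment.
set -eu

LUKS_DEV="${LUKS_DEV:-/dev/vdb}"            # encrypted virtual disk (steps 1-2)
MAPPER="${MAPPER:-remailer}"                # appears as /dev/mapper/remailer
MOUNT_POINT="${MOUNT_POINT:-/var/LUKS}"     # step 5
SERVICES="${SERVICES:-sendmail mixmaster}"  # services living on the LUKS volume
# "link:target" pairs from step 6 (space-separated, so no spaces in paths)
LINK_PAIRS="/home:$MOUNT_POINT/home /etc/mail:$MOUNT_POINT/mail"

# check_links LINK:TARGET... -> 0 if every LINK is a symlink to TARGET,
# 1 otherwise; each mismatch is reported on stderr.
check_links() {
    rc=0
    for pair in "$@"; do
        link=${pair%%:*}
        target=${pair#*:}
        if [ ! -L "$link" ]; then
            echo "$link is not a symlink; data there is NOT encrypted" >&2
            rc=1
        elif [ "$(readlink "$link")" != "$target" ]; then
            echo "$link -> $(readlink "$link"), expected $target" >&2
            rc=1
        fi
    done
    return $rc
}

# is_open NAME -> 0 if the dm-crypt mapping NAME already exists
is_open() { [ -e "/dev/mapper/$1" ]; }

# Step 8: open, mount, start. The passphrase is typed at the console,
# so nothing that can unlock the volume is stored on the VPS.
unlock_and_start() {
    check_links $LINK_PAIRS || { echo "fix the symlinks first" >&2; return 1; }
    is_open "$MAPPER" || cryptsetup luksOpen "$LUKS_DEV" "$MAPPER"
    if ! mountpoint -q "$MOUNT_POINT"; then
        fsck -p "/dev/mapper/$MAPPER"
        mount "/dev/mapper/$MAPPER" "$MOUNT_POINT"
    fi
    for svc in $SERVICES; do
        service "$svc" start
    done
}

# Step 7 counterpart: stop services first so nothing holds the mount open,
# then unmount and close the mapping (keys are dropped from the kernel).
lock_and_stop() {
    for svc in $SERVICES; do
        service "$svc" stop || true
    done
    mountpoint -q "$MOUNT_POINT" && umount "$MOUNT_POINT"
    is_open "$MAPPER" && cryptsetup luksClose "$MAPPER"
    return 0
}

case "${1:-}" in
    check) check_links $LINK_PAIRS ;;
    run)   unlock_and_start ;;
    stop)  lock_and_stop ;;
    *)     echo "usage: $0 check|run|stop" >&2 ;;
esac
```

Usage after a reboot is `sudo ./unlock-luks.sh run` at the console; `./unlock-luks.sh check` can run unprivileged from cron to catch a symlink that has quietly turned into a plain directory. Services are started only after the mount succeeds, which is the point of doing this manually: a service that starts before the volume is open would happily create its spool or mailbox files on the unencrypted root.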
