Encrypting files and obscuring the filenames too?
October 17, 2006 8:17 AM

How can I store files on an untrusted linux server such that only I can read them - and such that only I know what they are? I'd like the files to be encrypted and the filenames not to reflect the contents.

The catch: I'd like this to be as transparent as possible for me to actually use. Nobody else but me needs access to these files, but I'd like to be able to use the files from day to day as if this encryption and filename obfuscation were not in place.

Possible problems: I have a relatively slow link to the server (cable modem speed), I only have a user account, and probably most damningly, FUSE is not available. (What I'm saying here is that some big monolithic encrypted filesystem is probably not the way I can go here, unless you can think of some way around these problems.)
posted by dmd to Computers & Internet (15 answers total) 4 users marked this as a favorite
 
Tarball/zip all of your file(s) along with a manifest (text file describing each of the other files). Encrypt with the date as the filename. ?
posted by Blazecock Pileon at 8:25 AM on October 17, 2006


It won't be fast, but you could run the Network Block Device server on the remote system, and then encrypt that nbd device via loopback on your local machine. Keep in mind that there are some attacks possible here (mainly attacks where if someone can give you a specially crafted file and you then store it on your encrypted device, they can (statistically) prove that that file is on the device), and as an attacker can not only observe the data but also access patterns, they get another avenue of attack. But if your threat model is nosy individuals, you'd be fine. If you chose your filesystem carefully and tuned caching, performance might even be tolerable.
posted by fvw at 8:30 AM on October 17, 2006


Response by poster: I ideally would like to be able to interact with the files as if this situation were not in place at all - as if the files were not encrypted, were not obfuscated, were in fact just sitting in their directory plain as day.

fvw: can I really do that without root on the remote system?
posted by dmd at 8:36 AM on October 17, 2006


Yup, the nbd server is just a userspace process that serves up blocks from a file or device.
posted by fvw at 8:41 AM on October 17, 2006


Response by poster: Hmm. Ok, that's one possibility. I'd still rather have files be mapped to files, though, rather than a monolithic encrypted filesystem, if at all possible.
posted by dmd at 8:45 AM on October 17, 2006


Incidentally, Fuse not being available on the server isn't an argument against using Fuse; there are all kinds of backends for Fuse, and you only need Fuse on the client machine to make things appear like a filesystem. You could also hack up some sort of fuse backend that works like sshfs (for which all you need is ssh access to the server) but encrypts files and filenames. I'd advise taking the nbd route though; it seems much more solid.
posted by fvw at 8:45 AM on October 17, 2006


Response by poster: Oh! Interesting, I hadn't thought of that. I'm not sure I can take the nbd route because this is a shared-hosting server (i.e., long-running processes are frowned upon). But the FUSE idea is a good one - I don't need access to the files on the server, I'm just making use of the disk space I have there. So I could have a FUSE system extremely similar to sshfs, but with encrypted files and filenames. I like that.
posted by dmd at 8:58 AM on October 17, 2006


Response by poster: I haven't tried it yet, but it looks like http://fsfs.sourceforge.net/ is exactly that - sshfs+encryption, where fuse runs on the client not the server... I'll report back...
posted by dmd at 9:20 AM on October 17, 2006


Response by poster: Oh, hmm. fsfs uses a server process. I wonder why it needs it.
posted by dmd at 9:24 AM on October 17, 2006


Response by poster: And needs root on both sides. Weird.
posted by dmd at 10:40 AM on October 17, 2006


Response by poster: I think I have an answer -- EncFS over sshfs.

File-based encryption, so I avoid the monolithic-store problem, but still encrypting the filenames.
posted by dmd at 3:14 PM on October 18, 2006


I'd like to see a brief writeup/howto of how you're doing this once you get it working to your satisfaction. Please keep me posted. Thanks!
posted by xiojason at 5:21 PM on October 19, 2006


Response by poster: I still haven't figured out a working solution. I *really* want something that I can use somehow cross-platform, where cross-platform could at least mean "both OS X and Linux" -- EncFS requires FUSE, so is Linux only.
posted by dmd at 7:56 PM on October 21, 2006


Response by poster: I've decided to go with EncFS-over-sshfs after all. EncFS comes with encfsctl, which if compiled statically doesn't need FUSE to be present, so I should (I haven't actually tried this yet) be able to access my files even on the server side without FUSE.

As for accessing them from OSes other than Linux, I don't know about that yet. For now I'll be mounting through a linux server via NFS or SMB or something.

I'm also thinking of trying to get the OSX FUSE project off the ground.
posted by dmd at 6:13 PM on October 28, 2006 [1 favorite]
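
The EncFS-over-sshfs layering settled on above, as an added example that is not part of the original thread: sshfs exposes the remote directory locally, and EncFS decrypts file contents and filenames on the client, so the server only ever stores ciphertext. The host name, directory names and the `DRY_RUN` switch are assumptions chosen for illustration, and `fusermount` assumes a Linux client.

```bash
#!/bin/sh
# Added example: EncFS layered on sshfs. Host and paths are placeholders
# (assumptions), not values from the thread.

REMOTE="${REMOTE:-user@shell.example.org:private}"  # remote dir that holds ciphertext
CIPHER_MNT="${CIPHER_MNT:-$HOME/.remote-cipher}"    # local sshfs mount (encrypted view)
PLAIN_MNT="${PLAIN_MNT:-$HOME/private}"             # local EncFS mount (cleartext view)
DRY_RUN="${DRY_RUN:-0}"                             # 1 = print commands, run nothing

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

secure_mount() {
    # Create both mount points with access for this user only.
    run mkdir -p -m 700 "$CIPHER_MNT" "$PLAIN_MNT" || return 1
    # 1. Mount the remote directory over SSH; needs only a user account on
    #    the server, no server-side FUSE and no long-running server process.
    run sshfs "$REMOTE" "$CIPHER_MNT" -o reconnect || return 1
    # 2. Decrypt locally. EncFS wants absolute paths; the first run creates
    #    the volume and prompts for a passphrase, which never leaves the client.
    if ! run encfs "$CIPHER_MNT" "$PLAIN_MNT"; then
        run fusermount -u "$CIPHER_MNT"   # do not leave the sshfs layer dangling
        return 1
    fi
}

secure_umount() {
    # Reverse order: cleartext view first, then the sshfs layer beneath it.
    run fusermount -u "$PLAIN_MNT" || return 1
    run fusermount -u "$CIPHER_MNT"
}

case "${1:-}" in
    mount)  secure_mount ;;
    umount) secure_umount ;;
    "")     : ;;   # no argument: only define the functions
    *)      echo "usage: $0 mount|umount" >&2 ;;
esac
```

Because each plaintext file maps to one ciphertext file, the server still sees the number of files, their approximate sizes, the directory layout and access patterns; only contents and names are hidden.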


Response by poster: MacFUSE has been released!

http://code.google.com/p/macfuse/wiki/HOWTO
posted by dmd at 8:50 AM on January 12, 2007

