WebDAV with encrypted file storage
November 20, 2007 8:51 AM

How can I securely store files for multiple users on my own remote server, while having the most optimal ease-of-access? Details inside.

I have a remote linux server (VPS) that I have full root access to. I would like to rig a system whereby the various members of my family (my users) can store files there. The requirements would be:

* my brother uses linux, my mom windows, so clients must exist for all platforms
* each user should have their own password and their own file area (i.e. no peeking at other users' files)
* files should be stored encrypted on the server, so that neither I nor any Evil Employee can read the data
* my brother wants to be able to access his files from any computer he sits down at (cf. university computers etc)
* file data transfer over SSL rather than plaintext would be nice but is optional

I have looked into using various combinations of WebDAV, truecrypt, NFS, rsync, encfs, ... but I cannot find a simple solution that solves all my problems. The simplest would be a WebDAV being served by Apache over SSL with per-directory htaccess-style user authentication, but the drawback here is there is no file encryption at the storage side. I could use truecrypt, but then the files would be readable once the virtual partition is mounted, and I would like the files to be always encrypted. I have looked at http://ask.metafilter.com/66822/Best-way-to-back-up-remote-users-files and http://ask.metafilter.com/63613/BackupFile-Access-Filter but they don't address all the requirements. Also the solution should use our server, as it's essentially free - I am aware that I could use an Amazon S3 + jungledisk solution.

Thanks for any suggestions!
posted by spherical_perceptions to Computers & Internet (5 answers total)
 
Decrypting on the server side is going to violate your third requirement since the keys will have to be on the server anyway, allowing Evil Employee to have all of the pieces required to decrypt. This fact may get in the way of requirement #4.

So the question seems to be, how do you make encrypted files accessible from a random computer while maintaining security on the server side? There are going to be compromises here, so you should prioritize, but one datapoint to think about is that decrypting on a coffee shop terminal may not be possible.
posted by rhizome at 9:54 AM on November 20, 2007


See also.

I'm currently doing this with encfs+sshfs+rsync, myself. It works pretty well.
posted by dmd at 9:56 AM on November 20, 2007 [1 favorite]


Response by poster: rhizome: yeah, good point - although it would be ok to have files unencrypted briefly on the server. The realistic assumption is that Evil Employee is not monitoring us 24/7. So the decryption step could (should) take place on the server, with the keys being sent over by the client.

dmd: EncFS looked promising but it's linux-only, hence violates requirement 1 unless I put in some intermediate layer.
posted by spherical_perceptions at 12:12 AM on November 21, 2007


If you have files unencrypted even for a millisecond on the server, the evil employee can get them, and they don't have to be sitting there at that very millisecond rubbing their hands together and cackling to do so.
posted by dmd at 7:20 AM on November 21, 2007


Response by poster: Update: I have figured out a solution. Instead of running encfs on top of WebDAV (which was the way I was approaching it before), I will do the opposite and run WebDAV (over https) on a folder that I can mount as encfs. This requires the user to mount and unmount the encfs folder for each session (providing encryption passphrase via a custom web interface, over SSL). When the folder is un-mounted, the data is secure. Admittedly this is cumbersome but it satisfies my requirements: 1, 4 and 5 are satisfied by WebDAV (over https); requirement 2 is satisfied by having Apache serve WebDAV and using htaccess authentication (over https), and defining each user manually in the Apache config file; requirement 3 by encfs over WebDAV as described above. It's all a bit of a hack but for 3 or 4 users it's a good-enough solution.

dmd: yes, I'm aware this is not "perfect security" but I'm only after "good enough" security and encfs seems to provide that. One can go crazy trying to make the best solution but we're really talking about protecting family photos from prying eyes, not guarding national secrets!
posted by spherical_perceptions at 7:38 AM on November 26, 2007
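
An added example, not part of the thread: a server-side audit for the setup in the final update, where Apache serves WebDAV from a directory that is only encrypted at rest while encfs is unmounted. It reports which user directories currently expose a plaintext view, and flags files that were written into a bare mountpoint while encfs was not mounted (those sit unencrypted on disk). The `/srv/dav/<user>` layout is an assumption, as is encfs appearing with type `fuse.encfs` in `/proc/mounts`.

```shell
#!/bin/sh
# Added example, not from the thread. Directory layout and names are assumptions.

# mount_state MOUNTS_FILE DIR
# Prints "unlocked" if DIR is a live encfs mount (plaintext view readable by
# anyone with root on the server), "locked" otherwise.
mount_state() {
    mounts_file=$1
    dir=${2%/}                      # /proc/mounts has no trailing slash
    # /proc/mounts fields: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        if [ "$mnt" = "$dir" ] && [ "$fstype" = "fuse.encfs" ]; then
            echo unlocked
            return 0
        fi
    done < "$mounts_file"
    echo locked
}

# stray_plaintext MOUNTS_FILE DIR
# A locked mountpoint must be an empty directory. Anything found in it was
# uploaded while encfs was NOT mounted and is stored unencrypted.
stray_plaintext() {
    [ "$(mount_state "$1" "$2")" = locked ] || return 1
    [ -n "$(ls -A "$2" 2>/dev/null)" ]
}

# audit MOUNTS_FILE BASE_DIR
# Prints one "user state" line per user directory under BASE_DIR.
audit() {
    for d in "$2"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        state=$(mount_state "$1" "$d")
        if stray_plaintext "$1" "$d"; then
            state="locked+PLAINTEXT-LEAK"
        fi
        printf '%s %s\n' "${d##*/}" "$state"
    done
}

# On the server (hypothetical base path): sh audit.sh /proc/mounts /srv/dav
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

Run from cron, an `unlocked` line long after a session ended means the user never unmounted, and a `PLAINTEXT-LEAK` line means WebDAV accepted uploads into the empty mountpoint.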


This thread is closed to new comments.