locally encrypted remote storage

Unlike ordinary users, tech-savvy people are well aware of what can happen to your data if you store it on cloud services such as Dropbox. There are services that promise to encrypt your data locally so that they can’t access it, a prominent one being Wuala. On the one hand, I don’t know if their client is open source, and thus whether you can check that you are really the only one capable of decrypting your data. On the other hand, it’s a paid service.

Usually, on Linux you can do almost everything that commercial products or services offer free of cost, with a little investigative and manual effort. This one seemed harder than usual, though. A while ago I found a post on how to mount a remote image file with sshfs and then mount it locally with LUKS. The idea was compelling, but the author said it was not too stable, and I couldn’t even get it to work.

Last week, I found a very similar post. And this time, with some tweaking, I got it to work.

Here is the script that I put together. The error handling should be improved: in case of an error, it just exits, leaving the setup half initialized. Running the tear-down part all at once in such a state could potentially delete the files on the server. So, be careful!

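#!/bin/bash
# make a backup of my home directory on a remote box by pushing the git repo.

# stop at the first failing command
set -e

# A: sshfs mount of the remote backup directory (holds only the encrypted image)
mkdir -p /tmp/bak_hd/A
chmod 700 /tmp/bak_hd/A
sshfs ulrichard@ulrichard.ch:/home/ulrichard/backups /tmp/bak_hd/A -o allow_root

# create the image file (400000 blocks of 1 MiB) on the server if it does not exist yet
if [ ! -e /tmp/bak_hd/A/home.img ]; then
	ssh ulrichard@ulrichard.ch "sudo dd of=/home/ulrichard/backups/home.img if=/dev/zero bs=1M count=400000"
fi

sudo mkdir -p /tmp/bak_hd/B
sudo chmod 700 /tmp/bak_hd/B
# attach the remote image to a local loop device
sudo losetup /dev/loop7 /tmp/bak_hd/A/home.img

# one-time initialisation of the LUKS container (left commented out)
#sudo cryptsetup luksFormat /dev/loop7
# unlock the container locally; the passphrase never leaves this machine
sudo cryptsetup luksOpen /dev/loop7 bak
# one-time creation of the file system inside the container (left commented out)
#sudo mke2fs /dev/mapper/bak
# C: the decrypted file system
sudo mkdir -p /tmp/bak_hd/C
sudo chmod 700 /tmp/bak_hd/C
sudo mount /dev/mapper/bak /tmp/bak_hd/C
echo "the locally encrypted remote storage is mounted at /tmp/bak_hd/C"

# create the bare git repository on first use
if [ ! -d /tmp/bak_hd/C/home.git ]; then
	mkdir -p /tmp/bak_hd/C/home.git
	(cd /tmp/bak_hd/C/home.git; git init --bare)
fi

git push /tmp/bak_hd/C/home.git master
echo "the locally encrypted remote storage is mounted at /tmp/bak_hd/C"
read -p "Press [enter] to close the storage again ..."

# tear-down in reverse order of the setup
sudo umount /tmp/bak_hd/C
sudo cryptsetup luksClose  bak
sudo losetup -d /dev/loop7
sudo umount /tmp/bak_hd/A
# only safe once the sshfs mount at A is really gone
sudo rm -rf /tmp/bak_hd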
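
One way to make the tear-down safe to run from a half-initialized state, as an added example that is not part of the original script or the author's repository. It reuses the paths, loop device and mapping name from the script above and replaces `rm -rf` with `rmdir`, so a still-mounted sshfs share is never emptied; the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not the author's script: a tear-down that can run from any
# half-initialised state without deleting anything on the server.
# Assumed names, copied from the script above: /tmp/bak_hd, /dev/loop7, "bak".
BASE=${BASE:-/tmp/bak_hd}
LOOPDEV=${LOOPDEV:-/dev/loop7}
MAPPING=${MAPPING:-bak}

# Remove the mount-point directories only if nothing is mounted on them and
# they are empty. rmdir (unlike rm -rf) never descends into a directory, so a
# share that is still mounted under A keeps all of its files.
remove_mountpoints() {
    local base="$1" d rc=0
    [ -d "$base" ] || return 0
    for d in "$base/C" "$base/B" "$base/A"; do
        [ -d "$d" ] || continue
        if mountpoint -q "$d"; then
            echo "refusing to remove $d: still mounted" >&2; rc=1
        elif ! rmdir "$d" 2>/dev/null; then
            echo "refusing to remove $d: not empty or busy" >&2; rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then rmdir "$base" || rc=1; fi
    return "$rc"
}

# Undo the setup steps in reverse order. Each step is attempted only if it is
# actually in place, and one failing step does not skip the remaining ones.
teardown() {
    local rc=0
    if mountpoint -q "$BASE/C"; then sudo umount "$BASE/C" || rc=1; fi
    if [ -e "/dev/mapper/$MAPPING" ]; then
        sudo cryptsetup luksClose "$MAPPING" || rc=1
    fi
    if sudo losetup "$LOOPDEV" >/dev/null 2>&1; then
        sudo losetup -d "$LOOPDEV" || rc=1
    fi
    if mountpoint -q "$BASE/A"; then fusermount -u "$BASE/A" || rc=1; fi
    remove_mountpoints "$BASE" || rc=1
    return "$rc"
}

# In the backup script, register it right after "set -e" and drop the manual
# tear-down lines at the end:   trap teardown EXIT
```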

Comments

One response to “locally encrypted remote storage”

  1. ulrichard

    I should probably mention here that the scripts have slightly improved over the years. They have been hosted on GitHub for a long time:
    https://github.com/ulrichard/locally_encrypted_remote_storage
