[Novalug] secure storage

Mark Smith mark@winksmith.com
Sun Jun 22 21:06:49 EDT 2014


i finished setting this up.  i think it's a pretty good balance.  i set up
a standard crypt setup using AES and a loopback device (aka cryptmount)
on the NAS itself.  i export the share using NFS after mounting the
loopback.  pretty straightforward.  while in my LAN it is protected
via normal unix DAC enforced by NFS.

the key is also stored on the NAS, but is protected by a passphrase.
i have to log in and type a few commands after every boot to bring it up.
meanwhile, i opened a feature request for the same sort of thing to
be visible via the web interface for Open Media Vault.  if i get the
chance, i might look into contributing to the interface (seems to be
all javascript).

this will protect me when someone turns off the system (as would happen
when a thief steals the machine).  the backups are automatically encrypted
as well.  In case you care:

	http://bugtracker.openmediavault.org/view.php?id=1051
	http://bugtracker.openmediavault.org/view.php?id=7

OMV is working out pretty good so far.


On Thu, 12 Jun 2014, Mark Smith wrote:
> i'm thinking again about secure storage (banking records, receipts,
> that sort of stuff).  i was curious about what you folks do.  i used to
> have an encrypted image that i stored on my disk server and then exported
> via NFS.  locally it was protected via normal unix DAC, but remotely it
> was strongly encrypted.
> 
> well, i have a new NAS now... i'm quite happy with OpenMediaVault so
> far, but i don't know what to do with my secure stuff.
> 
> i'm trying out spideroak right now and just using the cloud.  that seems
> to be working, but i'm afraid that one cross command by myself or my wife
> will delete all copies of an important file and poof, it's gone.  i could
> do some backups of it, but that sort of defeats the purpose.
> 
> i could expose a disk image via NFS, but i have found that to be
> problematic because multiple people can mount it at the same time.
> alternatively, i can mount the disk and then export NFS and then i'm
> in the same boat as i was in.  plus, my new NAS doesn't like doing that
> sort of thing (no facilities for encryption).
> 
> anyone out there doing the same sort of thing?  got any ideas?

-- 
Hei konā mai
Mark Smith
mark@winksmith.com
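
The post-boot bring-up described in the message above (mount the cryptmount target, then export it over NFS), as an added example that is not the author's own commands. The target name, mount point, LAN range and the helper function names are assumptions; the guard refuses to export the mount point unless the encrypted volume is actually mounted there, so clients never write to the bare directory underneath.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed (hypothetical) values:
TARGET="secure"            # cryptmount target name defined in /etc/cryptmount/cmtab
MNT="/srv/secure"          # where that target is mounted
CLIENTS="192.168.1.0/24"   # LAN allowed to mount the NFS export

# backing_device MOUNTPOINT [MOUNTS_FILE]
# Print the device mounted at MOUNTPOINT (the last entry wins if mounts are stacked).
backing_device() {
    awk -v mp="$1" '$2 == mp { dev = $1 } END { if (dev != "") print dev }' \
        "${2:-/proc/mounts}"
}

# safe_to_export MOUNTPOINT [MOUNTS_FILE]
# Succeed only if MOUNTPOINT is backed by a device-mapper device, which is what
# cryptmount sets up. Guards against exporting the bare, unencrypted directory
# when the passphrase step was skipped or failed.
safe_to_export() {
    case "$(backing_device "$1" "${2:-/proc/mounts}")" in
        /dev/mapper/*) return 0 ;;
        *) return 1 ;;
    esac
}

bring_up() {
    safe_to_export "$MNT" || cryptmount "$TARGET" || return 1   # prompts for passphrase
    if ! safe_to_export "$MNT"; then
        echo "refusing to export $MNT: encrypted volume is not mounted" >&2
        return 1
    fi
    exportfs -o rw,sync,root_squash "$CLIENTS:$MNT"
}

bring_down() {
    exportfs -u "$CLIENTS:$MNT"   # stop serving before the volume goes away
    cryptmount -u "$TARGET"
}

# Run as root: "sh secure-share.sh up" after boot, "sh secure-share.sh down" to lock.
case "${1:-}" in
    up)   bring_up ;;
    down) bring_down ;;
esac
```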


