Received: from spf3.us4.outblaze.com (spf3.us4.outblaze.com [205.158.62.25])
	by sdf.lonestar.org (8.12.10/8.12.10) with ESMTP id i9SBSPw0023090
	for <migo@freeshell.org>; Thu, 28 Oct 2004 11:28:25 GMT
Received: from lists.gnu.org (lists.gnu.org [199.232.76.165])
	by spf3.us4.outblaze.com (Postfix) with ESMTP id C4D9B5363D
	for <migo@homemail.com>; Thu, 28 Oct 2004 11:28:00 +0000 (GMT)
Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.33)
	id 1CN8ZY-0004tk-82
	for migo@homemail.com; Thu, 28 Oct 2004 07:36:04 -0400
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33)
	id 1CN8Z6-0004tZ-7g
	for gnu-arch-users@gnu.org; Thu, 28 Oct 2004 07:35:36 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33)
	id 1CN8Z5-0004t4-B9
	for gnu-arch-users@gnu.org; Thu, 28 Oct 2004 07:35:35 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.33) id 1CN8Z5-0004su-5U
	for gnu-arch-users@gnu.org; Thu, 28 Oct 2004 07:35:35 -0400
Received: from [195.92.195.172] (helo=cmailg2.svr.pol.co.uk)
	by monty-python.gnu.org with esmtp (Exim 4.34) id 1CN8Qm-0007ke-7d
	for gnu-arch-users@gnu.org; Thu, 28 Oct 2004 07:27:00 -0400
Received: from modem-1414.chameleon.dialup.pol.co.uk ([217.134.85.134]
	helo=localhost.localdomain)
	by cmailg2.svr.pol.co.uk with esmtp (Exim 4.14)
	id 1CN8Qj-0006By-2W; Thu, 28 Oct 2004 12:26:58 +0100
Date: Thu, 28 Oct 2004 12:33:51 +0100
From: Robin Green <greenrd@greenrd.org>
To: "Johann [Myrkraverk] Oskarsson" <johann@myrkraverk.com>
Subject: Re: [Gnu-arch-users] Encrypted archives?
Message-ID: <20041028113351.GB4446@localhost.localdomain>
References: <16768.32886.39554.978978@jin.myrkraverk.com>
	<4180A022.2040707@bel.ru>
	<16768.42994.817242.924422@jin.myrkraverk.com>
Mime-Version: 1.0
In-Reply-To: <16768.42994.817242.924422@jin.myrkraverk.com>
User-Agent: Mutt/1.4.1i
Cc: gnu-arch-users@gnu.org, Dmitriy Nikitinskiy <nick@bel.ru>
X-BeenThere: gnu-arch-users@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: a discussion list for all things arch-ish <gnu-arch-users.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/gnu-arch-users>,
	<mailto:gnu-arch-users-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/gnu-arch-users>
List-Post: <mailto:gnu-arch-users@gnu.org>
List-Help: <mailto:gnu-arch-users-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/gnu-arch-users>,
	<mailto:gnu-arch-users-request@gnu.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1275496851=="
Sender: gnu-arch-users-bounces+migo=homemail.com@gnu.org
Errors-To: gnu-arch-users-bounces+migo=homemail.com@gnu.org
Status: RO
Content-Length: 2835
Lines: 84

--===============1275496851==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Y7xTucakfITjPcLV"
Content-Disposition: inline


--Y7xTucakfITjPcLV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 28, 2004 at 08:04:02AM +0000, Johann [Myrkraverk] Oskarsson wro=
te:
> Dmitriy Nikitinskiy writes:
>  > Maybe try place archive and work directory to encryped filesystem?
>  > You can create they in regular file and mount via loopback device
>  > when need work with tla.
>=20
> Yes, this would work, for privacy, but in the case I wanted to
> distribute the archive to a finite set of people as outlined in my
> first mail, I'd had to transfer the entire filesystem (read archive),
> to that person where it would be decrypted, and than read from, even
> for just a single patch.
>=20
> There was another mail with some references to scripting and stuff,
> but I think the end result would be the same, transferring the entire
> archive for individual patches, and I think this can become extremely
> expensive, particularly if I start to mention laptops using dialup in
> a hotelroom...
>=20
> So despite the validity of those tips -- I will investigate the
> stuff -- my original question remains valid and (semi) un-answered.

CFS over NFS over SSH (!!) is a theoretical possibility, I think.
I haven't tried it though.

For NFS over SSH, see: http://www.math.ualberta.ca/imaging/snfs/
Note: "No changes to the kernel or existing daemons are required."

With CFS over NFS, the idea would be that you first mount an NFS share
containing the encrypted store, run a CFS daemon on the "local" side
pointed to the NFS mount point, and then mount the CFS filesystem
(which is exposed as an NFS share on the local machine) locally.
Et voila, transparent distributed filesystem. Again, CFS does not
require any changes to the kernel - it is 100% userland.

In theory. As I said, I haven't tried it. Although, I have tried CFS
on its own. It works well. Make sure you do backups correctly though.

--=20
Robin

--Y7xTucakfITjPcLV
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFBgNkftPCt67UksSYRAn5dAJ4j70UqVqAIQTwBoKOZYY3BfkYvKwCgsg0/
VoC9qPf54ZRlg0u3yhcLB/A=
=uCao
-----END PGP SIGNATURE-----

--Y7xTucakfITjPcLV--



--===============1275496851==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Gnu-arch-users mailing list
Gnu-arch-users@gnu.org
http://lists.gnu.org/mailman/listinfo/gnu-arch-users

GNU arch home page:
http://savannah.gnu.org/projects/gnu-arch/
--===============1275496851==--