And, you'd like them encrypted on the remote system, not just protected between local and remove systems?
yes. It's about doing backups from my single most trusted machine, too, so I must prevent any sensitive information to leave this machine unencrypted completely.
Christian> 2. I realize that cryptoloop does not use checksums/signatures Christian> at all. Of course that means that an attacker can easily Christian> destroy my backup volume while in transit or while stored on Christian> the (broken in) backup server in subtle ways, so that I won't
That's where the NFS underlying layer to a large file might be a better choice than NBD.
It's not any different regarding secure cryptographic hashes than NBD - I even think they need *both* a secure transport layer (ssh tunnel or ipsec) to give any reliability against modification while in transit. And regardless from this, if I can't trust the server, I need crypto hashes with the key *I* am using in the encryption part of the archive -> which means inside crypto-loop. If crypto-loop does encryption but not encrypted checksums, there's basically no way to add that in back later. One could create signatures of the whole *encrypted* data and encrypt that signature ex post (with the same key being used by crypto-loop), *but* if I don't store the encrypted data on a trusted host, I can't create a trusted signature there either. So the signature must be generated before the data leaves the trusted machine - and since data leaves the machine in blocks that only crypto-loop and nbd know about, checksumming must be built into nbd or crypto-loop. Of course the latter would be the preferred way.
Now, independently of the above security considerations, do you mean that accessing a large file through NFS for crypto-loop purposes is going to be more stable than accessing it through NBD? Both NFS and NBD are in the kernel, and while NBD is *meant* to deliver block devices accessible by other kernel code, NFS files are meant to be accessed from userspace, so I have some doubt as to whether NFS files would be less prone to deadlocks when used for crypto-loop.
Christian. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
