Truly Private Data On A Server

Creature
Member
Posts: 548
Joined: Sat Dec 27, 2008 2:34 pm
Location: Belgium

Truly Private Data On A Server

Post by Creature »

Hello

A disclaimer before I ask my question: I have a fair amount of Linux experience but configuring servers is something I don't do very often, which is why I'm asking for help (feel free to correct me if I say something blatantly incorrect).

I've recently gained the opportunity to set up a personal server with some friends of mine. We all trust each other, however we all agreed on the fact that if everyone has his own account and puts personal data on there, it should remain personal. I set up SFTP to secure the transfer of files and the session in general, however of course SFTP doesn't do much more than that: once the files are on the server or retrieved from it, its job is done. What I'm looking for is a way to encrypt and decrypt files on the server in a way that no other user (most importantly: even root) can decipher the data. Access to the folders is not such a big deal, as long as the contents and data of the files can't be accessed. I've searched and read a lot of information (apparently not enough) and decided to try out ecryptfs to automatically set up encryption and decryption when starting an SFTP session. Everything is working great, however there is only one catch: while the user is accessing his private data from ecryptfs, any user with root privileges can also view that data. Since there can be multiple remote users (admins) on the system at the same time, this is an issue and totally destroys the usefulness of ecryptfs IMHO.

Is there any way to obscure the data completely from any user on the server? Something that sprang to mind is moving the encryption/decryption to the client (i.e. he should use PGP or put the files in a password-protected file himself). This however is a hassle next to the fact that some of the users aren't as tech savvy. An automated way is thus preferred. I guess it would be possible to write a front-end for SFTP and GPG to perform these tasks but writing apps for a subject I'm not an expert in is something I'd rather avoid. Any suggestions or input is welcome.

As a side note: the server is running Linux whilst the clients are using Linux as well as Windows.

Thanks in advance,
Creature
When the chance of succeeding is 99%, there is still a 50% chance of that success happening.
bluemoon
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: Truly Private Data On A Server

Post by bluemoon »

Creature wrote: What I'm looking for is a way to encrypt and decrypt files on the server in a way that no other user (most importantly: even root) can decipher the data.
While encryption has nothing to do with access rights, you may want to check out some PKI solutions (some may include USB keys), which make decrypting files not practical for average users.
Creature wrote: Access to the folders is not such a big deal, as long as the contents and data of the files can't be accessed.
root has all the access by design; root can read everyone's files. Your best bet is to encrypt the content instead.
Mikemk
Member
Posts: 409
Joined: Sat Oct 22, 2011 12:27 pm

Re: Truly Private Data On A Server

Post by Mikemk »

What comes to my mind is the same - client side encryption.
Since you said no to this, my idea is: Create a separate server for the users to upload the files and an encryption key to. That server would encrypt them and upload to the main server, then reset itself to delete any logs, caches, etc.
Programming is 80% Math, 20% Grammar, and 10% Creativity <--- Do not make fun of my joke!
bluemoon
Member
Posts: 1761
Joined: Wed Dec 01, 2010 3:41 am
Location: Hong Kong

Re: Truly Private Data On A Server

Post by bluemoon »

Creature wrote: This however is a hassle next to the fact that some of the users aren't as tech savvy.
Some PKI software is indeed very user-friendly.