
[Gnumed-devel] using cryptmount for postgresql cluster instance

From: syan tan
Subject: [Gnumed-devel] using cryptmount for postgresql cluster instance
Date: Mon, 11 Dec 2006 10:04:00 +1100

I received this via gnumed-devel-owner to which Syan had sent this, maybe not intentionally, so here it is on the list (Syan, I merged your initial post and self-reply into one message)... Jim

for those who have to carry around a gnumed database on a laptop,

        you can use cryptmount ( a debian package)

        and read the man pages on how to set up a cryptmount directory.

        the idea is to map a block of disc space onto a device
        e.g. in a directory /dev/devmapper/   ,
        if the block device is named "opaque" then the mapping
        would be /dev/devmapper/opaque.

        Then set up opaque by first mounting it with cryptmount
        and customize the cryptmount configuration file
        in /etc/cryptmount/cm.conf ; an example mapping is given.
        basically, this associates the device with a key ;
        the key encrypts a secret key, which decrypts
        the mounted device.

        the idea is to generate the key,
        mount the raw device using the option --prepare,
        make a new filesystem on the mounted device,
        then unmount the device.

        thereafter, using cryptmount opaque (which
        is the name referring to the block which will
        be mounted on /dev/devmapper/opaque) will prompt
        for a password and, if successful, mount
        the drive.

        then create a postgres cluster using initdb
        using the directory that the crypt device is mounted on.

        this, of course, can still be a problem if you
        use hibernate or s2disk on your laptop,
        so it's a good idea to use the uswsusp package, which
        provides s2disk, with an encrypted suspend image;

        of course, everything is as weak as the password(s)
        even though they can be configured to use AES encryption;
        at least cryptmount gives you the option of easily
        changing the password;
        but I think with s2disk you have to change the
        key manually if you want to change the password.
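
An added example, not part of the original post: a check to run before initdb or before starting PostgreSQL, confirming that the cluster directory really sits on the encrypted mapping rather than on the plain directory underneath an unmounted mount point. The mount point /srv/pgcrypt, the mount-table sample and the default mapper directory /dev/mapper are assumptions; pass the mapper directory your system uses as the fourth argument.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (hypothetical mount point).
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/mapper/opaque /srv/pgcrypt ext3 rw 0 0
EOF
}

# backing_device DIR [MOUNTS_FILE]
# Prints the device of the longest mount point that contains DIR.
backing_device() {
    dir=$1
    mounts=${2:-/proc/mounts}
    best_len=-1
    best_dev=
    while read -r dev mnt _rest; do
        case "$mnt" in
            /) match=1 ;;
            *) case "$dir/" in
                   "$mnt"/*) match=1 ;;   # whole path components only
                   *) match=0 ;;
               esac ;;
        esac
        if [ "$match" -eq 1 ] && [ "${#mnt}" -gt "$best_len" ]; then
            best_len=${#mnt}
            best_dev=$dev
        fi
    done < "$mounts"
    printf '%s\n' "$best_dev"
}

# on_encrypted_mapping DIR TARGET [MOUNTS_FILE] [MAPPER_DIR]
# Succeeds only if DIR is backed by MAPPER_DIR/TARGET (assumed default
# /dev/mapper). Fails when the target is not mounted, in which case DIR
# lives unencrypted on the parent filesystem.
on_encrypted_mapping() {
    dev=$(backing_device "$1" "${3:-/proc/mounts}")
    [ "$dev" = "${4:-/dev/mapper}/$2" ]
}

# Typical use in a start script (hypothetical paths):
#   on_encrypted_mapping /srv/pgcrypt/data opaque || exit 1
```
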
