Is there a library/tool available for Linux, similar to dm-crypt/LUKS, using RSA encryption instead of symmetric ciphers? I want the "public side" to only be able to create these volumes, and the private side to be able to read them just like a normal device.

I'm planning to use this for storing sensitive data backups. This way I would not have to worry about losing the encryption key on the machine creating the backups.

  • Is your concern that it should be possible to restore parts of the data if the system is interrupted, but only with the private key? If not, encrypting unmounted volume files or archives with e.g. GnuPG seems like an easier solution. I wouldn't mind a tool that locks on power loss while allowing appending data over a long-ish time frame though, so +1 for the question. (Asymmetric cryptography is usually used to protect an attached random symmetric key, since it's apparently very inefficient (cycles/key strength) compared to the latter. A sym. key in memory while it's mounted would work here.) – Tamschi Jul 11 '14 at 12:19
  • Yes, it should be possible to restore what's left if the process does not complete or the volume gets damaged in any way, using the private key. Currently I'm using symmetric encryption and attach the randomly generated encrypted symmetric key to the archive. Problem is, when the encryption key gets damaged or the machine crashes for some reason, the volume becomes inaccessible. – Michael Krupp Jul 11 '14 at 14:12
  • Would it be possible to save the encrypted symmetric key first? – Tamschi Jul 11 '14 at 17:47
  • Of course, but that would not help if the keyfile itself gets damaged. Well, I could save the keyfile several times, so I got a backup if one gets corrupted... I'm actually looking for a solution that does what LUKS does, but using RSA encryption. I really don't care if the backup/restore process is kinda slow. So inefficiency is no problem. I guess I will end up extending my current solution with backup key spread across the actual data archive. – Michael Krupp Jul 11 '14 at 21:00
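
The idea discussed in the comments (write the encrypted symmetric key first, then repeat it throughout the archive) can be shown as an added example, which is not code from the thread. The record layout, the `BKR1` marker and all function names are hypothetical, and the wrapped key is treated as opaque bytes already encrypted elsewhere with the RSA public key.

```python
import hashlib
import struct

MAGIC = b"BKR1"                    # hypothetical record marker
HEADER = struct.Struct(">4scI")    # magic, record kind, payload length
DIGEST_LEN = hashlib.sha256().digest_size

def record(kind: bytes, payload: bytes) -> bytes:
    """Frame one payload as header + payload + SHA-256(kind + payload).
    The unkeyed hash detects accidental damage only; it is not authentication."""
    digest = hashlib.sha256(kind + payload).digest()
    return HEADER.pack(MAGIC, kind, len(payload)) + payload + digest

def build_archive(wrapped_key: bytes, chunks, key_every: int = 2) -> bytes:
    """Write the wrapped key first, then repeat it after every key_every chunks."""
    out = [record(b"K", wrapped_key)]
    for i, chunk in enumerate(chunks, 1):
        out.append(record(b"D", chunk))
        if i % key_every == 0:
            out.append(record(b"K", wrapped_key))
    return b"".join(out)

def recover(blob: bytes):
    """Return (wrapped key or None, intact data chunks) from a damaged archive."""
    keys, chunks, pos = [], [], 0
    while (pos := blob.find(MAGIC, pos)) != -1 and pos + HEADER.size <= len(blob):
        _, kind, length = HEADER.unpack_from(blob, pos)
        start = pos + HEADER.size
        end = start + length + DIGEST_LEN
        payload = blob[start:start + length]
        intact = (end <= len(blob) and kind in (b"K", b"D")
                  and hashlib.sha256(kind + payload).digest() == blob[end - DIGEST_LEN:end])
        if intact:
            (keys if kind == b"K" else chunks).append(payload)
            pos = end          # skip the whole verified record
        else:
            pos += 1           # damaged or truncated: resync on the next marker
    return (keys[0] if keys else None), chunks

# Constructed sample input: stand-ins for an RSA-2048-wrapped key and ciphertext chunks.
WRAPPED_KEY = bytes(range(256))
CHUNKS = [b"ciphertext-chunk-%d" % i * 8 for i in range(1, 5)]

if __name__ == "__main__":
    archive = bytearray(build_archive(WRAPPED_KEY, CHUNKS))
    archive[20] ^= 0xFF                          # corrupt the first key copy
    key, data = recover(bytes(archive[:-300]))   # and lose the tail, as after a crash
    print(key == WRAPPED_KEY, len(data), "of", len(CHUNKS), "chunks recovered")
```

The machine creating the backup only ever holds the public key and the per-archive symmetric key in memory; the recovered wrapped key still has to be decrypted with the RSA private key on the restoring side.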
