How to set up secure data storage with Owl

If you have sensitive data on your server, you most likely want to protect its confidentiality. Using strong cryptography is one of the easiest ways to achieve that.

Preparing the storage

As the data is sensitive, let's use a redundant array - RAID5, which requires a minimum of 3 disks. Assuming that the first two disks were used to create the mirrored /, /var and /home filesystems, we'll now create /dev/md3 from /dev/sdc1, /dev/sdd1, /dev/sde1, and /dev/sdf1 (partition type 0xFD, equal size):

mdadm --create /dev/md3 --level=raid5 --raid-devices=4 /dev/sdc1 /dev/sdd1 /dev/sde1 /dev/sdf1

Generating the encryption key

The easiest way to generate the encryption key is to read the needed number of bytes from /dev/random:

head -c128 /dev/random > storage_key.bin

This reads 128 bytes (1024 bits) of random data and writes them to a key file. Store that key file in a safe place (GPG-encrypting it to yourself is safe; the local filesystem on the same computer is not).

Setting up the cryptoloop

Instead of mounting the array directly, a loopback device with transparent encryption is used on top of it:

cat storage_key.bin | losetup -p 0 -e twofish -k 256 -H sha512 /dev/loop0 /dev/md3

Now you can work with /dev/loop0 as if it were a real drive - for example, create a file system on it:

mke2fs -j -m0 /dev/loop0

mount it:

mount /dev/loop0 /storage -o noatime

and, of course, store some files there:

% df -h /storage
Filesystem            Size  Used Avail Use% Mounted on
/dev/loop0            2.7T  1.9T  823G  71% /storage

Unmounting the storage

When unmounting the storage, don't forget to either use the -d option of umount:

umount -d /dev/loop0

or explicitly detach the loopback device:

umount /dev/loop0
losetup -d /dev/loop0
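The steps above (key generation, cryptoloop attach, filesystem creation, mount and clean detach) wrapped in checked shell functions, as an added example that is not part of the original page. It assumes the patched losetup with the -p/-e/-k/-H options used above, the device names /dev/md3 and /dev/loop0 and the mount point /storage from the page, and that `losetup /dev/loopN` exits non-zero when the device is not attached; DRY_RUN=1 prints the privileged commands instead of running them, and KEY_SOURCE lets you substitute /dev/urandom for testing.

```shell
#!/bin/sh
# Added example wrapping the cryptoloop procedure; not part of the original page.
# Assumptions: Owl/loop-AES style losetup (-p 0 -e -k -H), /dev/md3, /dev/loop0,
# /storage as on the page. DRY_RUN=1 echoes privileged commands instead of running.
set -eu

KEY_SOURCE="${KEY_SOURCE:-/dev/random}"   # override with /dev/urandom for tests
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "DRY: $*"
    else
        "$@"
    fi
}

# Sanity checks before a key is used, or after it is restored from backup:
# exactly 128 bytes and no group/other permissions.
verify_key() {
    keyfile="$1"
    size=$(wc -c < "$keyfile" | tr -d ' ')
    [ "$size" -eq 128 ] || { echo "$keyfile: expected 128 bytes, got $size" >&2; return 1; }
    perms=$(ls -l "$keyfile" | cut -c5-10)     # group+other permission bits
    [ "$perms" = "------" ] || { echo "$keyfile: permissions too open" >&2; return 1; }
    return 0
}

# Generate a 128-byte key with a restrictive umask; never clobber an existing key.
gen_key() {
    keyfile="$1"
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite existing key $keyfile" >&2
        return 1
    fi
    ( umask 077 && head -c128 "$KEY_SOURCE" > "$keyfile" )
    verify_key "$keyfile"
}

# Fingerprint so a backup copy of the key can be compared without exposing it.
key_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# Feed the key on stdin (-p 0) rather than on the command line, so it never
# appears in the process list.
attach_storage() {
    keyfile="$1"; dev="$2"; loop="$3"
    verify_key "$keyfile"
    run losetup -p 0 -e twofish -k 256 -H sha512 "$loop" "$dev" < "$keyfile"
}

# First-time setup: attach, create the filesystem, mount.
setup_storage() {
    keyfile="$1"; dev="$2"; loop="$3"; mnt="$4"
    attach_storage "$keyfile" "$dev" "$loop"
    run mke2fs -j -m0 "$loop"
    run mount "$loop" "$mnt" -o noatime
}

# Subsequent mounts: attach and mount only (no mkfs!).
mount_storage() {
    keyfile="$1"; dev="$2"; loop="$3"; mnt="$4"
    attach_storage "$keyfile" "$dev" "$loop"
    run mount "$loop" "$mnt" -o noatime
}

# Unmount and make sure the loop device (and the key held in the kernel) is gone.
teardown_storage() {
    loop="$1"
    run umount -d "$loop"
    if [ "$DRY_RUN" != 1 ] && losetup "$loop" >/dev/null 2>&1; then
        echo "$loop still attached, detaching explicitly" >&2
        losetup -d "$loop"
    fi
}

# Usage (only runs when given a subcommand, so sourcing the file is harmless):
#   storage.sh genkey /root/storage_key.bin
#   storage.sh setup  /root/storage_key.bin      (first time: mkfs + mount)
#   storage.sh mount  /root/storage_key.bin
#   storage.sh umount
case "${1:-}" in
    genkey) gen_key "$2"; echo "fingerprint: $(key_fingerprint "$2")" ;;
    setup)  setup_storage "$2" /dev/md3 /dev/loop0 /storage ;;
    mount)  mount_storage "$2" /dev/md3 /dev/loop0 /storage ;;
    umount) teardown_storage /dev/loop0 ;;
esac
```

Keep the fingerprint printed by `genkey` with your off-site records: after restoring the GPG-encrypted key copy, `key_fingerprint` on the restored file tells you whether it is intact before you ever hand it to losetup.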

Backing up sensitive data

Don't forget to encrypt your backups as well (the long hexadecimal number is the recipient's GPG key ID):

tar -C /storage --one-file-system -cz . \
| gpg -e -r 0xEF3B1FA8 \
| ssh user@some.remote.host dd bs=1M of=`hostname`-backup-`date +%Y%m%d`.tar.gz.gpg

When federals are knocking at your door...

Hopefully you will never need that, but… Well, simply destroy the key (burning the flash is not a bad method) and turn off the server.