[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Encrypting the DataDir



> On 31 May 2017, at 21:36, Cristian Consonni <cristian@xxxxxxxxx> wrote:
> 
>> I wouldn't bother encrypting the entire DataDir, it contains
>> consensuses and descriptors, and (as of 0.3.1) will contain consensus
>> diffs and compressed consensuses, so it will get a bit larger.
>> 
>> The most sensitive part is probably the state file, but a relay's
>> guards are not that sensitive.
> 
> Encrypting the whole DataDir seemed to me the only viable configuration
> given that in torrc you can only specify where the DataDir is.

If you're using a Unix-based OS, you can encrypt any path:

1. prepare encrypted partition
2. copy keys to encrypted partition
3. make a backup of keys
4. remove contents of keys
5. umount <encrypted partition>
6. mount <encrypted partition> /var/lib/tor/keys

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

Attachment: signature.asc
Description: Message signed with OpenPGP

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays