> On 31 May 2017, at 21:36, Cristian Consonni <cristian@xxxxxxxxx> wrote: > >> I wouldn't bother encrypting the entire DataDir, it contains >> consensuses and descriptors, and (as of 0.3.1) will contain consensus >> diffs and compressed consensuses, so it will get a bit larger. >> >> The most sensitive part is probably the state file, but a relay's >> guards are not that sensitive. > > Encrypting the whole DataDir seemed to me the only viable configuration > given that in torrc you can only specify where the DataDir is. If you're using a Unix-based OS, you can encrypt any path: 1. prepare encrypted partition 2. copy keys to encrypted partition 3. make a backup of keys 4. remove contents of keys 5. umount <encrypted partition> 6. mount <encrypted partition> /var/lib/tor/keys T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
Attachment:
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays