Comment on Private network storage for my users?
avidamoeba@lemmy.ca 6 days ago
LUKS-encrypted images won’t have bad performance.
just_another_person@lemmy.world 6 days ago
Those aren’t end-to-end encrypted from the user, and would need to be mounted on the local system with a key that is unique to each user. Not exactly user-friendly if supporting multiple users.
avidamoeba@lemmy.ca 6 days ago
Not sure I’m getting you. Let me explain what I mean:
At no point does the client’s key leave their computer and the host only ever sees encrypted data.
just_another_person@lemmy.world 6 days ago
OP said they DON’T want LUKS. I’m also missing how the admin of the server (OP) wouldn’t have or store the keys unless and have these mounts available at all times?
You seem to be suggesting there is some way for a remote user to mount a LUKS image on its host, which is not a thing unless you’re first SSH’ing to said host and mounting it and making it available for export mount elsewhere, which is clearly not what OP is asking for here when they just want space for people to store media. Maybe I’m misunderstanding.
There’s Hook, Filen, Yeetfile, BatchIT…tons of these self-hosted stacks that do this with auth and user management built in. That’s what OP is asking about.
avidamoeba@lemmy.ca 6 days ago
The host mounts no LUKS. The host just exports a network share via NFS. The client mounts that NFS share to a local mount point. Then the client has a dir which actually resides on the host. So far completely standard NAS stuff. Then the client creates a file in that dir. E.g. secretcontainer.img. This file is then encrypted on the client using cryptsetup (LUKS). Then it’s mounted on the client using LUKS. All the LUKS stuff happens on the client. The host just sees a file appear called secretcontainer.img on its storage. The same idea would work with VeraCrypt instead of LUKS. Or Cryptomator. Or anything else that can store encrypted data in file(s) in a directory.
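The client-side sequence described in the comment above, written out as an added example (not code posted by anyone in the thread). The export `nas.example:/export/alice`, the mount points, the mapper name and the 20G size are assumptions; only `secretcontainer.img` comes from the thread. It defaults to a dry run that prints each command.

```shell
#!/usr/bin/env bash
# Added example: every cryptsetup step runs on the client, so the NAS only
# ever stores secretcontainer.img as ciphertext. Names below are assumed.
set -eu

NFS_EXPORT="nas.example:/export/alice"  # assumed NFS export on the host
NFS_DIR="/mnt/nas"                      # assumed client mount point for the share
IMG="$NFS_DIR/secretcontainer.img"      # file name used in the thread
MAPPER="secretcontainer"                # assumed device-mapper name
PLAIN_DIR="/mnt/secret"                 # assumed mount point for the decrypted view
SIZE="20G"                              # assumed container size
DRY_RUN="${DRY_RUN:-1}"                 # 1 = print commands, 0 = execute (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Mount the share unless it is already mounted.
mount_share() {
  mountpoint -q "$NFS_DIR" || run mount -t nfs "$NFS_EXPORT" "$NFS_DIR"
}

# One-time setup: create the file on the share, format it as LUKS2 locally.
create_container() {
  mount_share
  run truncate -s "$SIZE" "$IMG"
  run cryptsetup luksFormat --type luks2 "$IMG"  # passphrase is typed on the client
  run cryptsetup open "$IMG" "$MAPPER"
  run mkfs.ext4 "/dev/mapper/$MAPPER"
  run cryptsetup close "$MAPPER"
}

# Each session: unlock locally and mount the plaintext view.
open_container() {
  mount_share
  run cryptsetup open "$IMG" "$MAPPER"
  run mount "/dev/mapper/$MAPPER" "$PLAIN_DIR"
}

# Close before unlocking on another machine: ext4 inside the image must
# never be mounted by two clients at the same time.
close_container() {
  run umount "$PLAIN_DIR"
  run cryptsetup close "$MAPPER"
}

case "${1:-}" in
  create) create_container ;;
  open)   open_container ;;
  close)  close_container ;;
  *)      echo "usage: $0 create|open|close" >&2 ;;
esac
```

Run it with `DRY_RUN=0` as root to execute the commands instead of printing them.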