On 31 May 2017, at 21:36, Cristian Consonni cristian@balist.es wrote:
I wouldn't bother encrypting the entire DataDir, it contains consensuses and descriptors, and (as of 0.3.1) will contain consensus diffs and compressed consensuses, so it will get a bit larger.
The most sensitive part is probably the state file, but a relay's guards are not that sensitive.
Encrypting the whole DataDir seemed to me the only viable configuration given that in torrc you can only specify where the DataDir is.
If you're using a Unix-based OS, you can encrypt any path:
1. prepare encrypted partition 2. copy keys to encrypted partition 3. make a backup of keys 4. remove contents of keys 5. umount <encrypted partition> 6. mount <encrypted partition> /var/lib/tor/keys
T -- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------