[tor-relays] Encrypting the DataDir

teor teor2345 at gmail.com
Wed May 31 23:58:47 UTC 2017


> On 31 May 2017, at 21:36, Cristian Consonni <cristian at balist.es> wrote:
> 
>> I wouldn't bother encrypting the entire DataDir, it contains
>> consensuses and descriptors, and (as of 0.3.1) will contain consensus
>> diffs and compressed consensuses, so it will get a bit larger.
>> 
>> The most sensitive part is probably the state file, but a relay's
>> guards are not that sensitive.
> 
> Encrypting the whole DataDir seemed to me the only viable configuration
> given that in torrc you can only specify where the DataDir is.

If you're using a Unix-based OS, you can encrypt any path:

1. prepare encrypted partition
2. copy keys to encrypted partition
3. make a backup of keys
4. remove contents of keys
5. umount <encrypted partition>
6. mount <encrypted partition> /var/lib/tor/keys

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------
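A pre-start check for the setup in the steps above, as an added example that is not part of the original message. If the encrypted partition is not mounted, tor sees the directory emptied in step 4 and generates fresh keys on the unencrypted disk. The function names and the `torkeys` mapper name are hypothetical, and the check assumes the encrypted partition is opened through device-mapper (for example dm-crypt).

```sh
#!/bin/sh
# Added example (not from the original message). Function names and the
# "torkeys" mapper name are hypothetical.

# Constructed sample in /proc/mounts format: source target fstype opts dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/mapper/torkeys /var/lib/tor/keys ext4 rw,relatime 0 0
EOF
}

# Print the source device mounted exactly on directory $2, reading the
# mounts file $1. The last matching line wins: a later mount on the
# same target shadows an earlier one.
mount_source() {
    src=""
    while read -r dev target _rest || [ -n "$dev" ]; do
        if [ "$target" = "$2" ]; then src="$dev"; fi
    done < "$1"
    printf '%s' "$src"
}

# Classify the keys directory: not-mounted, mapper or plain.
# Assumption: the encrypted partition is opened through device-mapper
# (e.g. dm-crypt). Unencrypted LVM volumes also appear under /dev/mapper,
# so "mapper" is a necessary condition, not proof of encryption.
keys_dir_status() {
    src=$(mount_source "$1" "$2")
    case "$src" in
        "") echo "not-mounted" ;;
        /dev/mapper/*|/dev/dm-*) echo "mapper" ;;
        *) echo "plain" ;;
    esac
}

# Return 0 only when the keys directory is a device-mapper mount.
check_keys_dir() {
    st=$(keys_dir_status "$1" "$2")
    if [ "$st" != "mapper" ]; then
        echo "refusing to start tor: $2 is $st" >&2
        return 1
    fi
}
```

Run `check_keys_dir /proc/mounts /var/lib/tor/keys` before tor starts and abort on a non-zero status.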
