WebDAV with encrytped file storage

How can I securely store files for multiple users on my own remote server, while having the most optimal ease-of-access? Details inside. I have a remote linux server (VPS) that I have full root access to. I would like to rig a system whereby the various members of my family (my users) can store files there. The requirements would be: * my brother uses linux, my mom windows, so clients must exist for all platforms * each user should have their own password and their own file area (ie. no peeking at other users' files) * files should be stored encrypted on the server, so that neither I nor any Evil Employee can read the data * my brother wants to be able to access his files from any computer he sits down at (cf. university computers etc) * file data transfer over SSL rather than plaintext would be nice but is optional I have looked into using various combinations of WebDAV, truecrypt, NFS, rsync, encfs, ... but I cannot find a simple solution that solves all my problems. The simplest would be a WebDAV being served by Apache over SSL with per-directory htaccess-style user authentication, but the drawback here is there is no file encryption at the storage side. I could use truecrypt, but then the files would be readable once the virtual partition is mounted, and I would like the files to be always encrypted. I have looked at http://ask.metafilter.com/66822/Best-way-to-back-up-remote-users-files and http://ask.metafilter.com/63613/BackupFile-Access-Filter they don't address all the requirements. Also the solution should use our server, as it's essentially free - I am aware that I could use a Amazon S3 + jungledisk solution. Thanks for any suggestions!
Answer:

http://ask.metafilter.com/48778/Encrypting-files-and-obscuring-the-filenames-too I'm currently doing this with encfs+sshfs+rsync, myself. It works pretty well.

spherical_perceptions at Ask.Metafilter.Com Visit the source

Was this solution helpful to you?

Other answers

Decrypting on the server side is going to violate your third requirement since the keys will have to be on the server anyway, allowing Evil Employee to have all of the pieces required to decrypt. This fact may get in the way of requirement #4. So the question seems to be, how do you make encrypted files accessible from a random computer while maintaining security on the server side? There are going to be compromises here, so you should prioritize, but one datapoint to think about is that decrypting on a coffee shop terminal may not be possible.

rhizome

rhizome: yeah, good point - although it would be ok to have files unencrypted briefly on the server. The realistic assumption is that Evil Employee is not monitoring us 24/7. So the decryption step could (should) take place on the server, with the keys being sent over by the client. dmd: EncFS looked promising but it's linux-only, hence violates requirement 1 unless I put in some intermediate layer.

spherical_perceptions

If you have files unencrypted even for a millisecond on the server, the evil employee can get them, and they don't have to be sitting there at that very millisecond rubbing their hands together and cackling to do so.

dmd

Update: I have figured out a solution. Instead of running encfs on top of WebDav (which was the way I was approaching it before), I will do the opposite and run Webdav (over https) on a folder that I can mount as encfs. This requires the user to mount and unmount the encfs folder for each session (providing encryption passphrase via a custom web interface, over SSL). When the folder is un-mounted, the data is secure. Admittedly this is cumbersome but it satisfies my requirements: 1, 4 and 5 are satisfied by WebDAV (over https); requirement 2 is satisfied by having Apache serve webdav and using htaccess authentication (over https), and defining each user manually in the apache config file; requirement 3 by encfs over webdav as described above. It's all a bit of a hack but for 3 or 4 users it's a good-enough solution. dmd: yes, I'm aware this is not "perfect security" but I'm only after "good enough" security and encfs seems to provide that. One can go crazy trying to make the best solution but we're really talking about protecting family photos from prying eyes, not guarding national secrets!

spherical_perceptions

Related Q & A:

How To Build A Garden Storage?Best solution by familyhandyman.com
How to upload file to google cloud storage using Java?Best solution by Stack Overflow
How to use internal storage android?Best solution by Stack Overflow
Where can I get a good online file storage?Best solution by dropbox.com
How can I file a lawsuit against Public Storage?Best solution by Yahoo! Answers

Just Added Q & A:

How many active mobile subscribers are there in China?Best solution by Quora
How to find the right vacation?Best solution by bookit.com
How To Make Your Own Primer?Best solution by thekrazycouponlady.com
How do you get the domain & range?Best solution by ChaCha
How do you open pop up blockers?Best solution by Yahoo! Answers

For every problem there is a solution! Proved by Solucija.

Got an issue and looking for advice?
Ask Solucija to search every corner of the Web for help.
Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.