I'm interested in an encrypted offsite storage scheme, but I don't want to depend on the vendor for encryption. I have an idea for doing so by combining sshfs with cryptsetup/dm-crypt/LUKS, but I'd like to know if there are any obvious problems with this scheme. Essentially,
1. Use `sshfs` to mount a remote drive
2. Create a random encrypted volume via `head -c 10MB /dev/urandom > volume`
3. Make a LUKS container with `cryptsetup -y luksFormat ./volume`
4. Open the encrypted volume with `cryptsetup luksOpen ./volume myvol`
5. Format the volume via `mkfs.ext4 /dev/mapper/myvol`
6. Mount the encrypted volume `mount /dev/mapper/myvol /mnt`
7. When done, unmount the encrypted volume, close it, and unmount the remote drive
After everything is set up, I'd just use steps 1, 4, 6, 7. Anyway, again, I'm just interested in some kind of offsite encrypted storage scheme where I don't have to worry if my host is snooping or not. I'm interested if there are some possible issues with the scheme that I described above using sshfs combined with cryptsetup/dm-crypt/LUKS.
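
The day-to-day sequence from the post (steps 1, 4, 6 and 7), as an added shell example that is not part of the original post: it opens the three layers in order, unwinds them if a later layer fails, and closes them in strict reverse order. `REMOTE` and `SSHFS_DIR` are constructed placeholders, `DRY_RUN` is a hypothetical switch added for illustration, and the script assumes it runs as root.

```shell
#!/bin/sh
# Added example: day-to-day open/close for the scheme above. Run as root.
# REMOTE and SSHFS_DIR are constructed placeholders; the volume file name,
# mapper name and mount point follow the post (volume, myvol, /mnt).
REMOTE="${REMOTE:-user@backup.example:/srv/store}"
SSHFS_DIR="${SSHFS_DIR:-/media/remote}"
VOLUME="${VOLUME:-$SSHFS_DIR/volume}"
MAPPER="${MAPPER:-myvol}"
MNT="${MNT:-/mnt}"
DRY_RUN="${DRY_RUN:-0}"   # hypothetical switch: 1 prints commands instead of running them

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Steps 1, 4, 6. The passphrase is entered locally at luksOpen, so only
# ciphertext crosses the sshfs mount. A failed layer undoes the earlier ones.
open_vault() {
    run sshfs "$REMOTE" "$SSHFS_DIR" || return 1
    if ! run cryptsetup luksOpen "$VOLUME" "$MAPPER"; then
        run fusermount -u "$SSHFS_DIR"
        return 1
    fi
    if ! run mount "/dev/mapper/$MAPPER" "$MNT"; then
        run cryptsetup luksClose "$MAPPER"
        run fusermount -u "$SSHFS_DIR"
        return 1
    fi
}

# Step 7, in strict reverse order. Stop at the first failure so the sshfs
# mount holding the container file is never dropped while the mapping is open.
close_vault() {
    run umount "$MNT" || return 1
    run cryptsetup luksClose "$MAPPER" || return 1
    run fusermount -u "$SSHFS_DIR"
}

case "${1:-}" in
    open)  open_vault ;;
    close) close_vault ;;
esac
```

Setting `DRY_RUN=1` prints the command sequence without touching any mounts, which is a quick way to check the paths before the first real run.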