I want to store sensitive data on my (public) Linux server. Also, I want to be able to access the data from different locations and different OSes without much hassle. I thought about using a (simple) web form, maybe also a Samba share which is hidden behind a VPN. Since I want to access the data very sparsely, I would also prefer a system where the data is always encrypted and is decrypted only if I want to access it.
Most solutions for data encryption I found do not seem to fulfil the latter criterion: The way I understood systems like LUKS or EncFS, they are usually holding a decrypted copy of the files. Also, I would like to have a lean system, which does not come with much overhead. Owncloud would probably do something like I'm looking for, but also comes with a lot of administration.
After thinking about the problem for some time, I came up with the following idea:
Encryption
- Encrypt the data using a random key and EncFS
- Encrypt the key using RSA and my public certificate and put it on a (public?) website.
- Forget the key.
Data-Access
- Open the website and copy-paste the key
- Decrypt the key using a private certificate and a smart-card
- Fill-in the decrypted key in a textbox on the website
- Now a script either mounts the EncFS volume in a Samba share (see above) or in a directory of the webpage which is protected using .htaccess.
How secure would such a system be? I would assume that the critical part is the one where the data is decrypted, but accessible. My questions are now the following:
- Did I overlook something in the system which generates security problems?
- How secure is .htaccess protection on an nginx web server? Are there ways to improve the part where I access the files?
- If there should be existing solutions to my problem I did not find, please tell me.
Looking forward to hearing from you!
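
The key-handling steps listed in the post (random key, RSA-encrypt it, forget the plaintext, decrypt it later), sketched with the `openssl` CLI as an added example that is not part of the original post. The software key pair is a constructed stand-in for the smart card, the function names are hypothetical, and EncFS itself is not invoked.

```shell
#!/bin/sh
# Added illustration: wrap a random volume passphrase with an RSA public key.
# Assumption: a throwaway software key pair stands in for the smart card.

# make_keypair DIR: create DIR/priv.pem and DIR/pub.pem (demo only).
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/priv.pem" 2>/dev/null &&
    openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# wrap_key PUB IN OUT: RSA-OAEP (SHA-256) encrypt the passphrase file.
wrap_key() {
    openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2" -out "$3"
}

# unwrap_key PRIV IN: print the recovered passphrase on stdout.
unwrap_key() {
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$2"
}

# roundtrip: run the scheme in a temp dir. Returns 0 when the unwrapped
# passphrase matches the generated one and the blob is 256 bytes (RSA-2048).
roundtrip() {
    dir=$(mktemp -d) || return 1
    make_keypair "$dir" || { rm -rf "$dir"; return 1; }
    (umask 077; openssl rand -base64 32 > "$dir/pass.txt")  # random key
    want=$(openssl dgst -sha256 < "$dir/pass.txt")          # keep a digest only
    got=""
    wrap_key "$dir/pub.pem" "$dir/pass.txt" "$dir/pass.wrapped" &&
        rm -f "$dir/pass.txt" &&                            # "forget the key"
        got=$(unwrap_key "$dir/priv.pem" "$dir/pass.wrapped" |
              openssl dgst -sha256)
    size=$(wc -c < "$dir/pass.wrapped" | tr -d ' ')
    rm -rf "$dir"
    [ "$want" = "$got" ] && [ "$size" = 256 ]
}

roundtrip && echo "wrapped passphrase round-trips"
```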