0
1
I'm using offlineimap to backup my Gmail on my VPS, in case Gmail might go down, get hacked or anything else might happen. I want to be able to do the following:
Have a recent backup of all my Gmail messages in a format (e.g. Maildir) that is possibly easy to restore to Gmail or any IMAP-based e-mail service
Encrypt the backup so it will not be readable if my VPS would get hacked or breached, also an additional layer of security (because VPSs are never secure anyhow) is a plus.
Bonus: be able to (temporarily) read/search my e-mail on my VPS using mutt in case of an emergency.
So far I've come up with two possible solutions:
- Use EncFS to encrypt the partition/directory where I store my maildir
- Individually encrypt each message with GPG as it gets saved from my Gmail with offlineimap
Solution 1 sounds the easiest because it will be rather easy to restore mails as the unencrypted EncFS mount will function just as any other normal directory. But, because it is always mounted it will add any additional security if my VPS gets breached.
Solution 2 sounds overcomplicated, but possible and better security-wise. I don't delete anything on Gmail, so I don't have a problem doing one-time encryption (which means it would be save in case of a breach). The problem is much more using this system in real events, e.g. when restoring in bulk, or reading separate messages. I have little experience in GPG so wouldn't know for sure what's feasible.
I'm probably overlooking possible better solutions? What would you suggest? I've been looking into Gmvault which seems to offer much of what I want, although the projects seems not to be in very active development.
Thanks for your thoughts/ideas!
P.S. I know there are many other factors to consider when using a VPS for backups such as shared memory, but I want to focus on the points above for now.
mdbraber
Posted 2014-06-03T15:44:43.843
Reputation: 35
I would use the operating systems ability to encrypt the system disk. This solution is the same solution if you were using an physical machine or a virtual machine ( which is exactly what a VPS is ). The fact its mounted makes no difference because the data is still encrypted and still requires your password to decrypt. Of course if you are really worried get a dedecated server. PGP or GPG isn't really a solution, since your VPS isn't sending/recieving the emails itself, its just copying unencrypted messages from another server – Ramhound – 2014-06-03T15:51:38.807
Thanks for your comment. What I'm struggling with (which is more my lack of understanding than anything else) is what would happen if my server would get breached. For the backup to work,
encfsneeds to run in daemon mode and therefore there would always be one version of the data left unsecured. What I'm looking for - I think - is a way to do a sort of one-time encryption, that has no insecure representation left after I've copied the unencrypted message... – mdbraber – 2014-06-03T16:13:21.973If nobody except you can access the virtual machine i am not sure what your scared of. If the VPS is every restarted nobody could view the contents. What sort of attack are you trying to prevent exactly? You can't really prevent the physical attack since its not a dedecated server, hell, but I don't see how anyone could access the contents of VPS with an encrypted filesystem. – Ramhound – 2014-06-03T16:33:09.207
@Ramhound: The VPS operator (and presumably NSA) have access to the hardware of the machine. If they are an untrusted party, which the original question seems to assume, then an encrypted filesystem is not helpful because they have the keys. – Icydog – 2014-06-03T16:46:04.200
@Ramhound I'm figuring the easiest attack would be that someone would get access to my user account that has the user daemon running where they could see the symmetrically encrypted files under that user. That would defeat the whole purpose of encrypting. – mdbraber – 2014-06-03T16:47:55.593
I'm learning more as we go. What I'm looking for (again, I think) is asymmetrical, on-the-fly encryption. So basically, file A gets moved to the system, gets encrypted using my public key and stays there (encrypted). These two links show more of what I'm thinking:
https://security.stackexchange.com/questions/6218/is-there-any-asymmetrically-encrypted-file-system http://www.gossamer-threads.com/lists/gnupg/users/51192
A pragmatic approach might be using one-way, timestamped syncing (if offlineimap offers this) and then running the transferred files on-the-fly (or cron-based) through GPG.