henkstubbe


Rsync and rsyncrypto on Ubuntu 8.10
January 7, 2009, 10:12 pm
Filed under: Uncategorized

For a couple of months I have been using rsync to mirror the data on my server to a remote location. This works perfectly well; the only issue is that the data is not hidden from other people who have access to the server or the mirror. I finally found a solution: rsyncrypto. With this tool I can encrypt my files and then use rsync to transfer them using as little bandwidth as possible.

Because I couldn’t find a nice tutorial that I can use as a reference, I wrote one based on http://pwet.fr/man/linux/commandes/rsyncrypto, http://www.linux.com/feature/125322, http://blog.wuxinan.net/archives/86

To install rsyncrypto:
sudo apt-get install rsyncrypto

Using OpenSSL, create a certificate and private key:
openssl req -nodes -newkey rsa:1536 -x509 -keyout rckey.key -out rckey.crt

To encrypt files:
rsyncrypto -r --name-encrypt=filemap /tmp/srcdir /tmp/dstdir foodir.keys rckey.crt

This will result in a directory tree containing encrypted files. If you want to hide the file names as well, pass --name-encrypt=filemap to rsyncrypto, as in the command above. This will garble the file names and directory structure. The file filemap will contain the mapping between the original file names and the garbled names.

To decrypt files:
rsyncrypto -dr --name-encrypt=filemap /tmp/encrypted /tmp/decrypted foodir.keys rckey.key

Now I was wondering: I need the keys to decrypt the files, but what if I lose them? Or do I need to back them up as well?

There are two decryption options: cold decryption and warm decryption.

Cold decryption: rsyncrypto -d /tmp/encrypted/filemap /tmp/decrypted/filemap /tmp/decrypted/filemap-keys rckey.key

In this example, the encrypted filemap that is generated automatically is used to restore the original filemap. Secondly, the keys are retrieved.

Now proceed with warm decryption:
rsyncrypto -dr --name-encrypt /tmp/decrypted/filemap /tmp/encrypted /tmp/decrypted /tmp/decrypted/filemap-keys rckey.key

Et voila, we got our very secret stuff back.

So, to answer the question of which files are important to have: it is really important to keep a safe copy of rckey.key, because it enables cold decryption in case you lose the file keys.
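
Since everything depends on that copy of rckey.key, it is worth checking that the backup really belongs to the rckey.crt used for encryption and that nobody else can read it. The script below is an added example, not part of the original post or of rsyncrypto; the function names are made up for illustration, and it assumes an unencrypted key as created with -nodes above.

```shell
#!/bin/sh
# Added example: names below are illustrative, not from the original post.
# Assumes an unencrypted private key, as created with "openssl req -nodes".

# Print the public key embedded in a certificate (e.g. rckey.crt).
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public key derived from a private key (e.g. rckey.key).
pubkey_of_key() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# key_matches_cert KEY CERT: succeed only if KEY is the private half of CERT.
key_matches_cert() {
    from_key=$(pubkey_of_key "$1") || return 1
    from_cert=$(pubkey_of_cert "$2") || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# key_is_private KEY: succeed only if group and others have no access bits.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_backup KEY CERT: 0 = usable and private, 1 = wrong key, 2 = too open.
check_backup() {
    if ! key_matches_cert "$1" "$2"; then
        echo "MISMATCH: $1 cannot decrypt data encrypted with $2"
        return 1
    fi
    if ! key_is_private "$1"; then
        echo "WARNING: $1 is readable by group or others (chmod 600 it)"
        return 2
    fi
    echo "OK: $1 matches $2 and is private"
}

# Stand-alone use: sh check_backup.sh /path/to/backup/rckey.key rckey.crt
if [ "$#" -eq 2 ]; then
    check_backup "$1" "$2"
fi
```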



Ubuntu Feisty shutdown problem solved on Asus M2A-VM HDMI
July 11, 2007, 10:40 pm
Filed under: Uncategorized

With this http://ubuntuforums.org/showpost.php?p=2260791&postcount=10 I solved the shutdown issue. The computer halted during shutdown and did not power off.

Summary:

Step 1: Add

Code:
apm power_off=1
to your /etc/modules

Mine already had an entry so I just added the code directly below it and then hit enter to add 1 blank space at the end of the file. Basically it should look like this:

Code:
# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.

lp
apm power_off=1

You may have other modules like fuse or p4_clockmod or whatnot. That’s ok. So long as you put in “apm power_off=1” and keep a blank entry at the end of the file you should be ok. The blank entry might not be needed, but it was there when I started so I kept it.

Step 2: Add

Code:
acpi=off apm=power_off

to your /boot/menu.lst so it looks like this:

Code:
## ## End Default Options ##

title Debian GNU/Linux, kernel 2.6.18-3-k7
root (hd0,1)
kernel /boot/vmlinuz-2.6.18-3-k7 root=/dev/hda2 ro acpi=off apm=power_off
initrd /boot/initrd.img-2.6.18-3-k7



Ubuntu 7.04 on Asus M2A-VM HDMI
June 28, 2007, 10:12 pm
Filed under: Uncategorized

Just running the Dapper install CD did not work out; it simply crashed. I got Dapper up and running with the suggestion taken from http://ubuntuforums.org/showthread.php?p=2761200

Example grub menu entry:

## ## End Default Options ##

title Ubuntu, kernel 2.6.20-15-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=82efad91-9c28-4d6d-9f7a-ae83a90eeaa1 ro quiet splash pci=nomsi irqpoll noapic acpi=off
initrd /boot/initrd.img-2.6.20-15-generic
quiet
savedefault

Problem left: when I shut down, the computer does not shut off but halts.



Evolution hangs while replying to an email
February 1, 2007, 8:37 pm
Filed under: Uncategorized

Address autocompletion in Evolution did not work well for me, so I changed some settings. That was a bad idea, as I was no longer able to reply to email. It turned out that I had set the automatic contact feature to Global Address List, which in my case is LDAP and not writable by me. This caused a timeout (Evolution wanted to add the email address to the address book, which was not writable) and Evolution hung. I changed the automatic contact source to something else and now it works like a charm again.



