Skip to content
Snippets Groups Projects
Normal view History Permalink
index.rst 2.44 KiB
Newer Older
Arie Peterson's avatar
Improvements suggested by Mart  
Arie Peterson committed
1 
.. CryptOps documentation master file, created by
Maarten de Waard's avatar
start documentation in sphinx
Maarten de Waard committed
2 3 4 5 6 7 8 
   sphinx-quickstart on Tue Oct 17 10:00:20 2017.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

CryptOps: Moving to a world with encrypted VPSs only
====================================================
Arie Peterson's avatar
Switch new consideration docs to rst layout  
Arie Peterson committed
9 
Full-disk encryption on Virtual Private Servers
Maarten de Waard's avatar
start documentation in sphinx
Maarten de Waard committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 
-----------------------------------------------

These days, data storage using the "cloud" or virtual private servers (VPSs) on
the Internet is extremely flexible and easy to setup. Anyone can boot a new VPS
within seconds and start storing information on it. However, the "cloud" is just
someone else's hard drive, which comes with certain security risks.
Infrastructure providers can access "your" data stored on the cloud with extreme
ease. But as managing your own infrastructure can be a nightmare for some, it
comes with no surprise that virtual private servers have gained immense
popularity over the last several years.

Is it possible to use virtual systems and still make sure that all your data is
stored encrypted, so only the user has access to the data and not the service
provider? Existing solutions often rely on encryption keys being managed by the
service providers themselves or the data being encrypted at the application
level.

CryptOps is a new, provider agnostic approach which makes full-disk encryption
at the Virtual Machine layer more accessible and secure for the average user.
Users can encrypt their VPSs by logging into a `Dropbear SSH`_ shell
that runs in the initrd. In this environment, the user is allowed to type
commands into the "CryptOps Client", which communicates with the local "CryptOps
API" to encrypt and unlock disks. This open source tool currently supports
encrypting and decrypting new and already existing VPSs. It also allows the user
to manage their SSH and LUKS encryption keys. The CryptOps framework has been
designed to be open & extensible, allowing it to support external client
applications in the future.

Find the code at `<https://code.greenhost.net/open/cryptops>`_ and an example initrd at
`<https://code.greenhost.net/open/cryptops-initrd>`_

.. _`Dropbear SSH`: https://matt.ucc.asn.au/dropbear/dropbear.html
.. _Greenhost: https://greenhost.net

.. toctree::
   :maxdepth: 2
   :caption: Contents:
Arie Peterson's avatar
Switch new consideration docs to rst layout  
Arie Peterson committed
48 49 50 
   considerations
   usage
   api_documentation
Maarten de Waard's avatar
start documentation in sphinx
Maarten de Waard committed
51 52 53 54 55 56 57 58 59 



.. Indices and tables
   ==================
   
   * :ref:`genindex`
   * :ref:`modindex`
   * :ref:`search`