.. Cryptops documentation master file, created by
   sphinx-quickstart on Tue Oct 17 10:00:20 2017.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

CryptOps: Moving to a world with encrypted VPSs only
====================================================

Full disk encryption on Virtual Private Servers
-----------------------------------------------

These days, data storage using the "cloud" or virtual private servers (VPSs) on
the Internet is extremely flexible and easy to set up. Anyone can boot a new VPS
within seconds and start storing information on it. However, the "cloud" is just
someone else's hard drive, which comes with certain security risks.

Infrastructure providers can access "your" data stored on the cloud with extreme
ease. But as managing your own infrastructure can be a nightmare for some, it
comes as no surprise that virtual private servers have gained immense
popularity over the last several years.

Is it possible to use virtual systems and still make sure that all your data is
stored encrypted, so only the user has access to the data and not the service
provider? Existing solutions often rely on encryption keys being managed by the
service providers themselves or the data being encrypted at the application
level.

CryptOps is a new, provider-agnostic approach which makes full-disk encryption
at the Virtual Machine layer more accessible and secure for the average user.
Users can encrypt their VPSs by logging into a `Dropbear SSH`_ shell
that runs in the initrd. In this environment, the user is allowed to type
commands into the "CryptOps Client", which communicates with the local "CryptOps
API" to encrypt and unlock disks. This open source tool currently supports
encrypting and decrypting new and already existing VPSs. It also allows the user
to manage their SSH and LUKS encryption keys. The CryptOps framework has been
designed to be open and extensible, allowing it to support external client
applications in the future.

Find the code at `<https://code.greenhost.net/open/cryptops>`_ and an example initrd at
`<https://code.greenhost.net/open/cryptops-initrd>`_.

.. _`Dropbear SSH`: https://matt.ucc.asn.au/dropbear/dropbear.html
.. _Greenhost: https://greenhost.net

.. toctree::
   :maxdepth: 2
   :caption: Contents:

   readme.md
   api_documentation.rst

.. Indices and tables
   ==================

   * :ref:`genindex`
   * :ref:`modindex`
   * :ref:`search`