Introducing: RAID-E
Introduction
Do you have some data you’d love to have backed-up, in real-time, somewhere else, but don’t trust the destination? RAID-E is a great solution for you. The concept is simple, every time you modify a file, RAID-E makes a copy, encrypts it using one of numerous methods described below, encrypts the name of the file as well (by default), and then copies it off to where it should be.
RAID-E is a FUSE filesystem that can use any underlying, mountable filesystem (or folders within the filesystem) as its sources and targets. You can, for example, RAID-E your “Documents” folder on your laptop to some Windows-shared space on a file server or NetApp. RAID-E may be ported to other FUSEless operating systems someday.
RAID-E supports a rainbow of encryption algorithms and works in one of three modes:
PGP/GPG Encryption
If you have a PGP/GPG key, and would like everything to be encrypted using that, RAID-E is happy to oblige, and will use your public key to encrypt your files before copy. If you want them signed as well, then you will need to provide your keyring passphrase in order to access your private and/or signing key.
Standard Encryption
RAID-E can generate an encryption key (or you can provide one) using one of a number of user-selectable algorithms which it will then encrypt (using one of a number, user-selectable algorithms) using a phrase of your choice. The encrypted key can be stored on a USB stick or other flash-based removable media. When RAID-E is mounted, the phrase is required to decrypt the key, allowing files to be encrypted.
Cornucopia Encryption
Using the same concept as ‘Standard Encryption’, Cornucopia uses a number of different encryption algorithms. Individual files are encrypted using a pseudo-randomly picked algorithm. For example, one file might use AES, while the next Two-Fish. While the security advantage of this is admittedly dubious (don’t Doghouse me, Bruce – I admit it!) , it won’t decrease your security and may protect fractions of your dataset against attacks directed at particular algorithms.
Bootstrapping/Offline Synchronization
To aid in the initial bootstrapping, and to make synchronizing after making off-line changes a snap, a tool called ‘mirror-e’ is also included. ‘mirror-e’ will use the same configuration and methodology as RAID-E to encrypt and copy any changed files or new files between the source and target.
Various Configurable Defaults
By default, RAID-E will never delete files from a target.
By default, RAID-E is only concerned with file names and contents, not metadata, attributes, etc.
Be default, RAID-E does not verify a copy operation.
By default, RAID-E will always overwrite a target file.
Status and Errata
RAID-E and its toolset is being developed independently, and will be released under the GPLv2 license.
