Converting bucket to encrypt

[Aaruni Kaushik]

I have a use case where I allocate a new bucket for every new user which registers, encrypt it by using the user password and mkfs.ext4 a partition on it. This is fairly time consuming.

For a quicker experience, I want to pre allocate user buckets with the filesystem on it, and then encrypt it with a user provided password when the user registers.

Is this supported by s3backer? If my understanding is correct, the program encrypts/decrypts each "block" independently, and it should not be hard to read a plaintext block and encrypt it while writing it back to S3.

[Archie Cobbs]

Hi Aaruni,

Make sure you're using the --listBlocks option, so writing zero blocks is instantaneous, otherwise initializing a filesystem can take a lot longer.

Aside from that, I don't see any easy answer here... s3backer doesn't support adding/removing encryption to an existing filesystem.

I supposed you could create a "boilerplate" bucket and pre-initialize it with an empty ext4 filesystem, then for a new user you would just need to startup two s3backer's and copy the non-zero blocks from boilerplate/file to newuserbucket/file.

Tthe empty filesystem is going to be very sparse, which is why it's important to only copy the non-zero blocks. You may need to write a custom program that knows exactly which blocks to copy - but this list is fixed and easy to determine.

-Archie

P.S. This list is manually moderated for spam avoidance, so sometimes there is a delay in messages being posted.

--

Archie L. Cobbs