Monday, 4 November 2013

Beagle Bone Black: Owncloud Part 3



So actually this is a little excursion into cryptography of the elliptic curve type:
ECC provides 2 features that are interesting to me for this project:

  1. Better security, because it cannot be brute-forced by factoring alone.
  2. Shorter key length, and therefore better suited to systems with limited resources like the Beaglebone Black
The drawbacks:
  1. no support by CAs yet
  2. very limited browser support (Firefox and Chrome support only 3 of the many curve types that are supported by openssl)
To generate a compatible key:
openssl ecparam -out myveryown-ecc.key -outform pem -name secp384r1 -genkey
Make a signing request:
openssl req -new -key myveryown-ecc.key -outform pem -out myveryown-ecc.req

Sign it as usual (for example with your own CA: openssl ca -keyfile MyCA.key -cert MyCA.pem -in myveryown-ecc.req -out owncloud.moosbauer.net-ecc-cert-myveryown-ecc.pem -outdir .) and enjoy.
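
As an added example (not part of the original post), here is a small shell wrapper around the key and request commands above that writes the key with owner-only permissions and checks the curve, the request's self-signature and the key match before the request goes to the CA. The function names, the base file name and the subject are assumptions.

```sh
#!/bin/sh
# Added example: create an ECC key and CSR, then verify both before signing.
# Function names, file names and the subject string are placeholders.

make_ecc_csr() {
    # $1 = base file name, $2 = subject, $3 = curve (default secp384r1)
    base=$1; subj=$2; curve=${3:-secp384r1}
    (
        umask 077    # private key must not be readable by group/others
        openssl ecparam -name "$curve" -genkey -noout -out "$base.key"
    ) || return 1
    openssl req -new -key "$base.key" -subj "$subj" -out "$base.req" || return 1
}

key_curve() {
    # Print the named curve stored in the private key ($1)
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: *//p'
}

csr_ok() {
    # Check the CSR's self-signature; match on the message because older
    # openssl releases exit 0 even when verification fails
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

csr_matches_key() {
    # $1 = CSR, $2 = private key: compare the two public keys
    from_csr=$(openssl req -in "$1" -noout -pubkey | openssl pkey -pubin -pubout)
    from_key=$(openssl pkey -in "$2" -pubout)
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Usage (constructed names):
#   make_ecc_csr myveryown-ecc "/CN=owncloud.example.net"
#   [ "$(key_curve myveryown-ecc.key)" = secp384r1 ] &&
#       csr_ok myveryown-ecc.req &&
#       csr_matches_key myveryown-ecc.req myveryown-ecc.key &&
#       echo "request is ready for the CA"
```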

To Dos out of this: bring ECC to the file encryption feature of owncloud.


Wednesday, 30 October 2013

Beagle Bone Black: Owncloud Part 2


Move data storage to nfs mount on my nas

That was an easy task:
  • service apache2 stop
  • mkdir -p /mnt/nfs/nas1/owncloud/data
    where /mnt/nfs/nas1 is the mount point of my nas device
  • cd /var/lib/owncloud/data
  • cp -r * /mnt/nfs/nas1/owncloud/data
  • chown -R www-data:www-data /mnt/nfs/nas1/owncloud/data
  • cd /usr/share/owncloud
  • rm data
  • ln -s /mnt/nfs/nas1/owncloud/data data
  • service apache2 start

First impressions so far

File encryption is slow, but that was to be expected.
Roundcube is an option (it works with gnupg) - this will be the next step, and I will test it with imap to my google mail (I do use this @home with evolution and gnupg) before choosing, setting up and configuring an MTA.

Tuesday, 29 October 2013

Beagle Bone Black: Owncloud

So hearing and reading all this NSA stuff, I thought getting back a little from the cloud would be nice. The intention is clearly not building a high performance sharing service but to have control over some files like my pwsafe file.

Owncloud has a good feature: it can be configured to encrypt data "at rest" using blowfish, and with ssl you get encryption "in transit" as well.

I selected Beagle Bone Black for one reason: power consumption.

Selecting the OS: Debian jessie
Be careful: the new --dtb option did not work for me
sudo ./setup_sdcard.sh --mmc /dev/sdX --uboot bone --swap_file 1024
did the trick.

Booting from sdcard - apt-get update and apt-get upgrade and finally apt-get install <packages that could not be upgraded>.

Time for owncloud

The order of commands there needed a little adjustment to work for me
echo 'deb http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/ /' >> /etc/apt/sources.list.d/owncloud.list 
wget http://download.opensuse.org/repositories/isv:ownCloud:community/Debian_7.0/Release.key
apt-key add - < Release.key  
apt-get update
apt-get install owncloud

Time for ssl

Did not need step 2 
And in step 9 the path for /etc/apache2/conf.d/owncloud5-ssl.conf was
/etc/apache2/conf-enabled/owncloud5-ssl.conf

That's it!

Things to do (maybe):
  1. Move data storage to nfs mount on my nas
  2. Integrating Mail - roundcube could be an option (if it works with gnupg)