Network attached disk encrypted locally

The idea is provide a User remote access to a block-level device, which can be formatted and encrypted locally. So, a server won’t have encryption keys.

Throughput won’t be great, but hopes it will exceed 1 MiB/s which should be enough for most kinds of sensitive data.

Candidates for a block-level storage:

Authentication/authorization:

  • NBD seems to support some kind of TLS authentication/authorization.

Over-ssh variant example: GitHub - gavinhungry/ragnar: Mount an existing remote LUKS device with NBD over SSH.