Re: Encrypted backup
Christophe wrote:
Hi,
1) My goal is to upload daily some backups of my most important files
(spreadsheets, photos, ~ 3 Gb) to the server to another off-site server
(Debian too, with ssh access).
As I'm not the administrator of the remote server, I'd like to encrypt
everything (gnupg seems fine). As I've got only a 16 kb/s upload, I'd
like to use rsync or something similar, but as my computer is an old
one, I'd like to avoid reencrypting everything each time, and I'd like
to avoid storing a local encrypted backup to spare disk. So I have no
way to compare easily the encrypted backups and the local original
files.
I'm afraid that mounting an encrypted file on the remote server is not
feasible (fuse + sshfs + cryptoloop ?)... Anyway, I need to be able to
retrieve the encrypted files from another system (my Mac, even Windows
in the worst case).
The best I've thought of is hacking a shell script which stores the
timestamps of the remote backups somewhere, and if necessary encrypts
each file, and uploads it (scp or rsync, that won't change much).
Am I dreaming?
2) Another problem is the file names, that I'd like to hide. I'd need
something a bit more complicated than rot13, do you know one?
Thanks in advance for any idea.
here is an idea:
everything is on the client (data source) side (assuming passwordless
ssh to remote machine)
for each file to be backed up (possible over find -exec some_script)
# localtime, filename and path can be extracted from find, dirname, basename or whatever
remotefilename=`echo "$filename" | md5sum | cut -f 1 -d ' '`
echo "$filename==>$remotefilename" >> /somewhere/mapping.txt
ssh $remote_machine mkdir -p "'$path'" 2>/dev/null
remotetime=`ssh $remote_machine find "'$path/$remotefilename'" -printf '%t'`
if [ -z "$remotetime" ] || [ "$remotetime" != "$localtime" ]; then
    encrypt local file with $remotefilename
    scp or rsync it to remote_machine:$path
    rm localcopy
    ssh $remote_machine "touch -d '$localtime' '$path/$remotefilename'"
fi
after everything encrypt and send mapping.txt to remote machine
obviously one needs to check/modify find's time output format and touch's
input format
this is a simple solution with too many ssh, but not much encryption,
an easier mapping would be
find . -printf 'echo "%f==>`echo "%f"|md5sum|cut -f 1 -d \\" \\"`"\n' |
bash > mapping.txt
if you would like to put every file in the same directory (for the
remote machine),
you can use %p instead of %f, and get rid of all path variables (and
mkdir etc),
similarly you can list the time stamps locally (with md5sum trick),
diff it with the remote one (simple find -printf %f %t as everything is
already md5summed)
(you will probably need sorting here)
then send and touch only the files that diff gives you (from local side)
clearly this is a scratch with lots of bugs, but I don't think it would
take time to implement some real thing at all.
(though an evil administrator can actually corrupt the backups by echo >
and then touching them with reference file)
--
aab
http://www.bayazit.net/alphan/
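
The timestamp comparison from the reply above (upload a file only when its obscured name is missing from the remote listing or its time differs), as an added example that is not part of the original post. Assumptions of this example: GNU stat and sha256sum, a remote listing already fetched into a local file with one "name mtime" line per file, and a secret-prefixed SHA-256 in place of the bare md5sum so that a guessed file name cannot be confirmed without the secret. File names reach the inner shell only as arguments, never as script text.

```sh
#!/bin/sh
# Added example, not code from the original post.
# plan_uploads SECRET DIR REMOTE_MANIFEST
#   Prints "remote_name<TAB>relative_path" for every file under DIR whose
#   "remote_name mtime" line is absent from REMOTE_MANIFEST, i.e. the files
#   that still have to be encrypted and uploaded. Pass DIR without a
#   trailing slash. Requires GNU stat and sha256sum (assumption).
plan_uploads() {
    find "$2" -type f -exec sh -c '
        key=$1 dir=$2 remote=$3
        shift 3
        for f do
            rel=${f#"$dir"/}
            # Secret-prefixed SHA-256 of the relative path (swapped in for
            # the bare md5sum of the post; the secret never leaves the client).
            name=$(printf "%s\n%s" "$key" "$rel" | sha256sum | cut -d " " -f 1)
            mtime=$(stat -c %Y "$f")
            # Same rule as the post: upload when the remote copy is
            # missing or its timestamp differs from the local one.
            grep -qxF "$name $mtime" "$remote" || printf "%s\t%s\n" "$name" "$rel"
        done
    ' sh "$@" {} + | sort
}

# Constructed demo: two files and an empty remote manifest (first backup
# run), so both files are listed. One name contains shell metacharacters
# to show that names are handled as data.
demo() {
    tmp=$(mktemp -d) && mkdir -p "$tmp/src/sub"
    echo one > "$tmp/src/a.txt"
    echo two > "$tmp/src/sub/odd \$(date).txt"
    : > "$tmp/remote.manifest"
    plan_uploads "constructed-secret" "$tmp/src" "$tmp/remote.manifest"
    rm -rf "$tmp"
}
demo
```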