
Re: Encrypted backup



Christophe wrote:

Hi,

1) My goal is to upload daily some backups of my most important files (spreadsheets, photos, ~ 3 Gb) to the server to another off-site server (Debian too, with ssh access). As I'm not the administrator of the remote server, I'd like to encrypt everything (gnupg seems fine). As I've got only a 16 kb/s upload, I'd like to use rsync or something similar, but as my computer is an old one, I'd like to avoid reencrypting everything each time, and I'd like to avoid storing a local encrypted backup to spare disk. So I have no way to compare easily the encrypted backups and the local original files. I'm afraid that mounting an encrypted file on the remote server is not feasible (fuse + sshfs + cryptoloop ?)... Anyway, I need to be able to retrieve the encrypted files from another system (my Mac, even Windows in the worst case).

The best I've thought of is hacking a shell script which stores the timestamps of the remote backups somewhere, and if necessary encrypts each file, and uploads it (scp or rsync, that won't change much). Am I dreaming?

2) Another problem is the file names, that I'd like to hide. I'd need something a bit more complicated than rot13, do you know one?

Thanks in advance for any idea.

here is an idea:

everything is on the client (data source) side (assuming passwordless ssh to remote machine)

for each file to be backed up  (possible over find -exec some_script)

# localtime, filename and path can be extracted from find , dirname basename or whatever

remotefilename=`echo "$filename" |md5sum | cut -f 1 -d ' '`

echo "$filename==>$remotefilename" >> /somewhere/mapping.txt

ssh $remote_machine mkdir -p  "'$path'" 2>/dev/null

remotetime=`ssh $remote_machine find "'$path/$remotefilename'" -printf '%t'`

if [ -z "$remotetime" ] || [ "$remotetime" != "$localtime" ]; then
 # encrypt local file with $remotefilename
 # scp or rsync it to remote_machine:$path
 # rm localcopy
 ssh $remote_machine "touch '$path/$remotefilename' -d '$localtime'"
fi


after everything encrypt and send mapping.txt to remote machine

obviously one needs to check/modify find's time output format and touch's input format

this is a simple solution with too many ssh, but not much encryption,

an easier mapping would be
find . -printf 'echo "%f==>`echo "%f"|md5sum|cut -f 1 -d \\" \\"`"\n' | bash > mapping.txt

if you would like to put every file in the same directory (for the remote machine), you can use %p instead of %f, and get rid of all path variables (and mkdir etc),
similarly you can list the time stamps locally (with md5sum trick),
diff it with the remote one (simple find -printf %f %t as everything is already md5summed)
(you will probably need sorting here)

then send and touch only the files that diff gives you (from local side)

clearly this is a scratch with lots of bugs, but I don't think it would take time to implement some real thing at all.

(though an evil administrator can actually corrupt the backups by echo > and then touching them with reference file)

--
aab
http://www.bayazit.net/alphan/
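
An added example (not part of the original post or thread) of the bookkeeping the reply sketches, kept in a local manifest so that no ssh round trip is needed per file. It swaps md5sum of the bare name for SHA-256 over a secret salt plus the path, and records a SHA-256 of each ciphertext so that remote corruption followed by a touch, as the reply mentions, is detectable; the function names, the salt and the manifest layout are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names, the manifest
# layout and the salt are assumptions. Needs GNU coreutils (stat, sha256sum).
# Manifest line: <remote name> TAB <mtime> TAB <sha256 of ciphertext> TAB <path>
# Paths containing tabs or newlines are not supported by this layout.

# Opaque remote name: SHA-256 over a secret salt and the relative path.
remote_name() {            # $1 = salt, $2 = relative path
    printf '%s\n%s' "$1" "$2" | sha256sum | cut -d ' ' -f 1
}

# Print manifest field $3 (2 = mtime, 3 = hash) recorded for remote name $2.
manifest_field() {         # $1 = manifest, $2 = remote name, $3 = field no.
    [ -f "$1" ] || return 0
    awk -F '\t' -v n="$2" -v f="$3" '$1 == n { print $f }' "$1"
}

# Exit 0 if the file is new or its mtime differs from the recorded one.
needs_upload() {           # $1 = manifest, $2 = remote name, $3 = local file
    [ "$(manifest_field "$1" "$2" 2)" != "$(stat -c %Y "$3")" ]
}

# After a successful upload, replace the manifest entry for this name.
record_upload() {          # $1 = manifest, $2 = name, $3 = file, $4 = ciphertext
    local tmp hash
    tmp=$(mktemp) || return 1
    hash=$(sha256sum < "$4" | cut -d ' ' -f 1)
    [ -f "$1" ] && awk -F '\t' -v n="$2" '$1 != n' "$1" > "$tmp"
    printf '%s\t%s\t%s\t%s\n' "$2" "$(stat -c %Y "$3")" "$hash" "$3" >> "$tmp"
    mv "$tmp" "$1"
}

# Exit 0 only if a ciphertext fetched from the remote matches the manifest.
verify_ciphertext() {      # $1 = manifest, $2 = remote name, $3 = fetched file
    local want
    want=$(manifest_field "$1" "$2" 3)
    [ -n "$want" ] && [ "$(sha256sum < "$3" | cut -d ' ' -f 1)" = "$want" ]
}
```

Between needs_upload and record_upload, encrypt the file to a temporary ciphertext named by remote_name, upload it, and delete the temporary copy afterwards. The manifest contains the real paths, so it stays local or is itself encrypted before it is sent anywhere.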


