Re: Partially encrypted backup?

[André Nunes Batista <andrenbatista@gmail.com>]

I do not know your level of expertise and if your somewhat abstract
description of the trust issue is a demonstration of high-level
understanding of Unix file system tree + encryption + networks or just
playful thought.

That in mind, if you are not running a cluster of servers, it would be
doable using duplicity and the list of "public" directories or rather
"private" ones. That, assuming you at least have a vague idea of which
files you wish to remain unencrypted/encrypted an is not looking for a
file permissions aware general solution. For this, you could use
duplicity --include "$SHELL_PATTERN" or --exclude "$SHELL_PATTERN".

BTW, duplicity uses rdiff as a backend so if you wish to keep previous
rdiff backups, I am guessing you could make duplicity aware of them, but
this is just a wild guess. 

-- 
-- André Nunes Batista

--- Begin Message ---

• To: debian-user@lists.debian.org
• Subject: Re: Partially encrypted backup?
• From: Hendrik Boom <hendrik@topoi.pooq.com>
• Date: Tue, 7 May 2013 14:09:08 +0000 (UTC)
• Message-id: <[🔎] kmb1u3$juc$1@ger.gmane.org>
• References: <[🔎] km8kvs$6s8$2@ger.gmane.org> <[🔎] 20130506150400.635996bb934f65559cb16948@gmail.com>

On Mon, 06 May 2013 15:03:59 -0400, Celejar wrote:

> On Mon, 6 May 2013 16:15:56 +0000 (UTC)
> Hendrik Boom <hendrik@topoi.pooq.com> wrote:
> 
>> I'm currently using rdiff-backup onto removable USB drives for backup. 
>> I don not encrypt them now because I'm terrified of losing the
>> encryption key and hence losing access to my backups.
>> 
>> I'm planning to trade backup drives with an acquaintance for off-site
>> backups.  I trust her, but I don't trust not every random person who
>> lives in her house or visits.
>> 
>> Is there any way of doing the backup partially encrypted so that files
>> are encrypted only if not world-readable?
> 
> Perhaps use the 'find' command with the '-perm' argument to generate
> lists of files that are and are not world readable, and pipe the outputs
> to the backup program with the appropriate invocations? I'm not a find
> guru, so I won't try to give the syntax, and I can't judge the level of
> performance hit that doing it this way will engender.
> 

hendrik@april:~$ find . ! -perm /044 | wc
  35299   39286 1503506
hendrik@april:~$ 

There seem to be rather a lot of them.

A lot seem to be cached stuff from browsers and other programs, which 
don't need to be backed up at all, let alone encrypted.  But there are 
files containing ssh IDs and the like, private keys for digital 
signatures, and those really do need to be backed up, but not in 
plaintext.  Where do the browsers keep this information?  What other 
programs keep this kind of information?

-- hendrik


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] kmb1u3$juc$1@ger.gmane.org">http://lists.debian.org/[🔎] kmb1u3$juc$1@ger.gmane.org

--- End Message ---

Attachment: signature.asc
Description: This is a digitally signed message part