Crypted backup Looking for suggestions

Matthew Dillon dillon at apollo.backplane.com
Thu Apr 16 09:54:55 PDT 2009


:Hey,
:I'm looking for some suggestions about how to keep a backup on a remote
:(shared) PC.
:I got 20GB of srcs and images on my PC (PCBSD) and I got access to
:100GB on a shared DFBSD2.2 server (all hammerFS).
:I want to use the server to keep a backup of my files in a remote
:location (on a daily basis).
:I don't mind if other users can see the names of the files, but I would
:like to keep the contents private and be spacewise.
:My first attempt was to create an asymmetric key pair, copy the full tree
:to a temp location, crypt every file in the second tree and rsync the
:content to the server; after that, if I need to restore the info on another
:PC, I download it into a temp tree, then decrypt and copy to the real
:location.
:I know there should be an easier way.
:Thanks for any suggestion.
:Sdav

    I think what you came up with is a pretty good idea.

    Another option with HAMMER is to use the 'hammer mirror-read'
    directive to generate a mirroring stream which you then pipe
    through a crypto and store on the target machine.

    It would take some scripting and messing around, but I think it
    would work.  If you can extract the as-of transaction id you
    can generate a mirroring base file (starting at transaction id 0),
    then once you know it made it to the target machine you can record
    the transaction id and use that as a base for the next day's mirroring
    stream.  And so on and so forth, giving you a set of encrypted
    incremental backup files on the target machine.

    It would look like an incremental backup / dump.. the files would
    not be individually accessible .. the entire mirror set would have
    to be restored to see the contents.   Restoring a mirror set can
    be done by creating a HAMMER slave PFS and then decrypting the
    files (in the correct order) and piping them through a
    'hammer mirror-write'.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>
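
The procedure described in the reply above, written out as an added example; it is not part of the original message or of DragonFly's own tooling. It assumes `hammer synctid` as the way to obtain the transaction id (the reply leaves that step open) and GnuPG public-key encryption as the crypto stage; the paths, the recipient and the function names are hypothetical, and copying the file to the server happens between `make_increment` and `commit_tid`.

```sh
#!/bin/sh
# Added example. PFS, SPOOL, STATE and RECIPIENT are hypothetical values.
PFS=${PFS:-/home/pfs/data}            # HAMMER filesystem to back up
SPOOL=${SPOOL:-/var/spool/hbackup}    # staging dir, holds ciphertext only
STATE=${STATE:-$SPOOL/last.tid}       # last TID confirmed on the target
RECIPIENT=${RECIPIENT:-backup@example.org}  # GnuPG public key to encrypt to

# Base TID for the next stream: 0 until a first backup has been confirmed.
base_tid() {
    if [ -s "$STATE" ]; then cat "$STATE"; else echo 0; fi
}

# Write one encrypted increment into $SPOOL and print "<file> <end-tid>".
# Assumption: 'hammer synctid' prints a TID that mirror-read accepts as its
# begin-tid. It is sampled before the read, so the next stream may overlap
# this one but cannot start past what this one captured.
make_increment() {
    begin=$(base_tid)
    end=$(hammer synctid "$PFS") || return 1
    out="$SPOOL/mirror.$(date -u +%Y%m%dT%H%M%SZ).$begin.gpg"
    rc="$SPOOL/.rc.$$"
    # Plaintext exists only inside the pipe. POSIX sh reports only gpg's
    # exit status, so mirror-read's status is saved to a file.
    { hammer mirror-read "$PFS" "$begin"; echo $? > "$rc"; } |
        gpg --batch --encrypt --recipient "$RECIPIENT" --output "$out"
    gpg_rc=$?
    read_rc=$(cat "$rc" 2>/dev/null || echo 1); rm -f "$rc"
    if [ "$gpg_rc" -ne 0 ] || [ "$read_rc" -ne 0 ]; then
        rm -f "$out"    # never keep a truncated increment
        return 1
    fi
    echo "$out $end"
}

# Call only after the file is known to have reached the target machine.
commit_tid() {
    echo "$1" > "$STATE.tmp" && mv "$STATE.tmp" "$STATE"
}

# Restore: decrypt in creation order (the timestamp in the name sorts
# lexically) into a slave PFS that was created beforehand.
restore_all() {
    for f in "$SPOOL"/mirror.*.gpg; do
        gpg --batch --decrypt "$f" | hammer mirror-write "$1" || return 1
    done
}
```

Only the public key is needed on the machine being backed up; the private key is needed only where `restore_all` runs. `restore_all` checks the exit status of `hammer mirror-write` only, so a decryption error should also be looked for in gpg's output.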




