Crypted backup Looking for suggestions
Matthew Dillon
dillon at apollo.backplane.com
Thu Apr 16 09:54:55 PDT 2009
:Hey,
:Im looking for some suggestions about how to keep a backup in a remote
:(shared) PC.
:I got 20GB of srcs and images in my pc (PCBSD) and i got access to
:100GB in a shared DFBSD2.2 server (all hammerFS).
:I want to use the server to keep a backup of my files in a remote
:location (in a daily basis)
:I dont mind if other users can see the name of the files, but i will
:like to keep the contents private and be spacewise.
:My first attemp was create an asymetric key pair, copy the full tree
:to a temp location, crypt every file in the second tree and rsync the
:content to server, after that if i need to restore the info in another
:pc, i download in a temp tree, then decrypt and copy to the real
:location.
:I know there should be a easier way.
:Thanks for any suggestion.
:Sdav
I think what you came up with is a pretty good idea.
Another option with HAMMER is to use the 'hammer mirror-read'
directive to generate a mirroring stream which you then pipe
through a crypto and store on the target machine.
It would take some scripting and messing around, but I think it
would work. If you can extract the as-of transaction id you
can generate a mirroring base file (starting at transaction id 0),
then once you know it made it to the target machine you can record
the transaction id and use that as a base for the next day's mirroring
stream. And so on and so forth, giving you a set of encrypted
incremental backup files on the target machine.
It would look like an incremental backup / dump.. the files would
not be individually accessible .. the entire mirror set would have
to be restored to see the contents. Restoring a mirror set can
be done by creating a HAMMER slave PFS and then decrypting the
files (in the correct order) and piping them through a
'hammer mirror-write'.
-Matt
Matthew Dillon
<dillon at backplane.com>
More information about the Users
mailing list