Re: Encrypted backup

From: A. Alphan Bayazit (listec_at_bayazit.org)
Date: 03/30/05

  • Next message: Curt Howland: "Re: stupid question"
    Date: Wed, 30 Mar 2005 08:42:37 -0500
    To: Christophe <christophe@courtois.cc>
    
    

    Christophe wrote:

    > Hi,
    >
    >1) My goal is to upload daily some backups of my most important files
    >(spreadsheets, photos, ~ 3 Gb) to the server to another off-site server
    >(Debian too, with ssh access).
    > As I'm not the administrator of the remote server, I'd like to encrypt
    >everything (gnupg seems fine). As I've got only a 16 kb/s upload, I'd
    >like to use rsync or something similar, but as my computer is an old
    >one, I'd like to avoid reencrypting everything each time, and I'd like
    >to avoid storing a local encrypted backup to spare disk. So I have no
    >way to compare easily the encrypted backups and the local original
    >files.
    > I'm afraid that mounting an encrypted file on the remote server is not
    >feasible (fuse + sshfs + cryptoloop ?)... Anyway, I need to be able to
    >retrieve the encrypted files from another system (my Mac, even Windows
    >in the worst case).
    >
    > The best I've thought of is hacking a shell script which stores the
    >timestamps of the remote backups somewhere, and if necessary encrypts
    >each file, and uploads it (scp or rsync, that won't change much).
    >
    > Am I dreaming?
    >
    >2) Another problem is the file names, that I'd like to hide. I'd need
    >something a bit more complicated than rot13, do you know one?
    >
    > Thanks in advance for any idea.
    >
    >
    >
    here is an idea:

    everything is on the client (data source) side (assuming passwordless
    ssh to remote machine)

    for each file to be backed up (possibly via find -exec some_script)

    # localtime, filename and path can be extracted from find, dirname,
    # basename or whatever

    remotefilename=`echo "$filename" |md5sum | cut -f 1 -d ' '`

    echo "$filename==>$remotefilename" >> /somewhere/mapping.txt

    ssh $remote_machine mkdir -p "'$path'" 2>/dev/null

    remotetime=`ssh $remote_machine find "'$path/$remotefilename'" -printf '%t'`

    if [ -z "$remotetime" ] || [ "$remotetime" != "$localtime" ]; then
      # encrypt local file with $remotefilename
      # scp or rsync it to remote_machine:$path
      # rm localcopy
      ssh $remote_machine "touch '$path/$remotefilename' -d '$localtime'"
    fi

    after everything encrypt and send mapping.txt to remote machine

    obviously one needs to check/modify find's time output format and touch's
    input format

    this is a simple solution with too many ssh, but not much encryption,

    an easier mapping would be
    find . -printf 'echo "%f==>`echo "%f"|md5sum|cut -f 1 -d \\" \\"`"\n' |
    bash > mapping.txt

    if you would like to put every file in the same directory (for the
    remote machine),
    you can use %p instead of %f, and get rid of all path variables (and
    mkdir etc),
    similarly you can list the time stamps locally (with md5sum trick),
    diff it with the remote one (simple find -printf %f %t as everything is
    already md5summed)
    (you will probably need sorting here)

    then send and touch only the files that diff gives you (from local side)

    clearly this is a scratch with lots of bugs, but I don't think it would
    take time to implement some real thing at all.

    (though an evil administrator can actually corrupt the backups by echo >
    and then touching them with reference file)

    -- 
    aab
    http://www.bayazit.net/alphan/
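The local listing and diff step suggested above (md5sum of the path as the remote name, compared with what the server reports), written out as an added example that is not part of the original message. It assumes GNU find, stat and md5sum and a remote listing made of `HASH MTIME` lines; the function names, sample files and that listing format are constructed for illustration, and file names are passed as arguments rather than piped through bash, so a name such as `$(id).txt` stays data.

```shell
#!/bin/sh
# Added example, not from the original message. Assumes GNU find, stat, md5sum.

# local_manifest DIR -> lines "HASH<TAB>MTIME<TAB>PATH" for every regular file.
# HASH is md5sum of the relative path (the %p variant from the message).
# Names reach the inner shell as arguments and are never parsed as shell code.
# File names containing newlines are not handled by this line format.
local_manifest() {
    ( cd "$1" || exit 1
      find . -type f -exec sh -c '
          for f do
              h=$(printf "%s\n" "$f" | md5sum | cut -d " " -f 1)
              printf "%s\t%s\t%s\n" "$h" "$(stat -c %Y "$f")" "$f"
          done' sh {} + )
}

# files_to_send DIR REMOTE_LIST -> local paths whose "HASH MTIME" pair is missing
# from REMOTE_LIST (new file, or mtime differs from what the server reports).
files_to_send() {
    local_manifest "$1" | while IFS="$(printf '\t')" read -r h m p; do
        grep -qxF -- "$h $m" "$2" || printf '%s\n' "$p"
    done | LC_ALL=C sort
}

# Constructed sample tree and remote listing, so the example runs offline.
demo() {
    d=$(mktemp -d) && r=$(mktemp) || return 1
    printf 'x' > "$d/budget.ods"
    printf 'y' > "$d/holiday photo.jpg"
    touch -d '2005-03-29 12:00:00' "$d/budget.ods" "$d/holiday photo.jpg"
    # Remote state as of the previous run (hypothetical listing format).
    local_manifest "$d" | awk -F '\t' '{print $1 " " $2}' > "$r"
    touch -d '2005-03-30 08:00:00' "$d/budget.ods"   # modified since last run
    printf 'z' > "$d/\$(id).txt"                     # new file, hostile-looking name
    files_to_send "$d" "$r"
    rm -rf "$d" "$r"
}

demo
```

Only the changed and the new file are listed; each would then be encrypted, uploaded under its hash and touched to the local mtime as the message describes.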
    
