ianneubert.com

«
»

Backup tools with encryption?

Anyone use a UNIX backup tool that will encrypt the data it stores?

I use rdiff-backup, but its encrypted cousin, duplicity is 16 months old and doesn’t look maintained.

I checked out box backup, which seems like a really interesting idea, but I don’t know if I want to deal with a client/server type complexity. It seems difficult to restore should something happen to the server machine. Plus I need to change the backup media daily, and it’s more suited to fixed, off-site storage.

So I need:

  • daily, snapshot type backups
  • encrypted backup files
  • easy to restore (but still secure) backups
  • incremental backups

I may just end up writing a GPG wrapper around rdiff-backup, as it has everything I want, minus encryption. That would also allow me to store the private keys offsite, away from the servers themselves. box backup requires that the backup server hold its own private key. Hmm, I like this idea. Maybe I’ll end up releasing my backup program after I get it working…

This entry was posted on Tuesday, December 21st, 2004 at 11:40 am and is filed under Computers. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

  • http://www.thenullpointer.net mannkind

    Hello,

    I’ve recently looked for a rdiff-backup gpg solution. I also found duplicity, but it seems to be unmaintained. Whereas rdiff-backup has been maintained as of this year.

    I have the start of some scripts to use gpg and rdiff-backup, but I was curious if you ever ended up writing anything? I’d rather not duplicate work.

    Please let me know.

  • http://www.ianneubert.com ian

    mannkind: I’ve actually found the solution I was looking for in the Linux kernel: http://www.saout.de/misc/dm-crypt/

    It’s included by default in CentOS 4.X (RedHat EL 4) and makes it very easy to encrypt my backups to disk. I just use a simple scp command to copy files to the encrypted disk.

  • http://douban.com/people/changsheng/ Changsheng Jiang

    +1

    I am finding a encryption version of rdiff-backup based on GnuPG for more than one year. Do you have any design ideas or code?

    I do not like EncFS+rdiff-backup, esp. passwords stored (and hashed, I know) in remote servers.

    With GPG+rdiff-backup, asking passwords is not suitable in cron-jobs, but acceptable.

    rsnapshot will generate very large files, I have no concrete ideas about that, but doubt that.