Package: autopostgresqlbackup Version: 1.0-2 Severity: minor Dear Maintainer,
The attached patches allow for backups to be encrypted using private/public keys. The file `backup-encrypt.diff` contains patches against the actual backup scripts. The file `backup-config.diff` contains patches for the configuration file in `/etc/default` and provides information on how the encyrption should be used, and how backups can be decrypted. -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/24 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages autopostgresqlbackup depends on: pn postgresql-client-common <none> Versions of packages autopostgresqlbackup recommends: ii mutt 1.5.21-6.2+deb7u1 autopostgresqlbackup suggests no packages.
76a77,102 > # Encyrption settings > # > # After a backup is made, it will be encrypted and the original file > # removed (if encryption was successful). It is recommended you > # backup to a staging directory, and then use a POSTBACKUP script to sync > # the encrypted backups to the desired location. > # > # Encryption uses private/public keys. You can generate a key with > # > # openssl req -x509 -nodes -days 100000 -newkey rsa:2048 -keyout backup.key > -out backup.crt -subj ‘/’ > # > # Decryption > # > # openssl smime -decrypt -in backup.sql.gz.enc -binary -inform DEM -inkey > [PRIVATE_KEY] -out backup.sql.gz > # > # Encryption setup inspired by > http://blog.altudov.com/2010/09/27/using-openssl-for-asymmetric-encryption-of-backups/ > > # Enable encryption > #ENCRYPT=yes > > # Encryption public key > ENC_PUBLIC_KEY=/etc/ssl/certs/backup.crt > > # Suffix for encyrpted files > ENC_SUFFIX=.openssl_smime_dem >
345a346,352 > COMP_FILE=$1$SUFFIX > # Encrypt as needed > if [ "$ENCRYPT" = "yes" ]; then > echo Encrypting "$COMP_FILE" > openssl smime -encrypt -aes256 -binary -outform DEM -out > "$COMP_FILE$ENC_SUFFIX" -in "$COMP_FILE" $ENC_PUBLIC_KEY && rm -f $COMP_FILE > SUFFIX="$SUFFIX$ENC_SUFFIX" > fi
