On Thu, 2008-04-17 at 20:05 +0200, Jan Seeger wrote: > At Thu, 17 Apr 2008 19:16:54 +0200, > Florian Philipp wrote: > > I personally use dar and gpg. Dar can be used to make incremental > > backups which should partly solve your speed problem. Alternatively you > > could use tar and gpg or cpio or whatever floats your boat. > > Duplicity also does incremental backups, but it's still slow. Using > dar, would I have to "manually" (or per script) use gpg to encrypt the > archives?
I use GPG instead of DAR's build-in encryption because asymmetric encryption allows complete automation of the backup process, e.g. you don't have to store the key as a plaintext file or type it at every backup. And yes, you need a custom script. For incremental backups to work you would need to make an "isolated catalogue" (dar's nomenclature) in order for it to see which files and timestamps are already backuped without decrypting the archive. Tar uses a similar approach. > > > The alternative would be an encrypted filesystem and rdiff-backup or > > rsync. Optionally you could safe the key to the filesystem on your home > > partition or, if it doesn't need to be automated, in a gpg-encrypted > > file. > > An encryted filesystem and rdiff-backup or similar was another option > I though of. The problem is restoration: Would I easily be able to > restore the backups from a freshly installed system? AFAIK cryptsetup is part of Gentoo's stage3. Most live-CD's I've tried had support for it, too. Commonly they also offer all common encryption modules for the kernel and GPG, so I wouldn't worry about this. Just make sure to keep your key and everything you need to decrypt off site. I myself store my GPG-key on a server, my parent's PC and my USB-stick. Since rdiff-backup stores all its internal data in a single directory, (.rdiff-backup, I think) you could still access the last snapshot of your system even without the program itself.
signature.asc
Description: This is a digitally signed message part
