The encryption howto link is broken on the main s3cmd page, so I am offering this text as its replacement.
I do end-to-end encryption using GNU/gpg: I encrypt files before storing
them on S3, and decrypt them after retrieving them. To make backups
convenient, I create encrypted copies of the files I wish to back up,
using this script:
#!/bin/bash
# Encrypt all the files in a directory.
# File: encrypt_files.sh Author: John Sauter, date: December 11, 2010
#
# One parameter: the directory containing the
# files to encrypt. Default is the current
# directory.
#
dir_name=${1:-"."}
for filename in ${dir_name}/*; do
filename_ext=${filename##*.}
#
# If there are no files in the directory, we have
# nothing to do. Skip .gpg files, since they
# are the results of an encryption, and don't
# need to be done twice. Skip files which
# already have a corresponding .gpg file,
# provided it has a later date than the source
# file, since the encryption doesn't have
# to be repeated. If a .gpg file's source
# is missing, delete the .gpg file.
#
if [ ".${filename_ext}." != ".*." ]; then
if [ -d ${filename} ]; then # recurse on subdirectories
$0 ${filename}
else
if [ ".${filename_ext}." == ".gpg." ]; then
sourcefile=${filename%.gpg}
if [ ! -e "${sourcefile}" ]; then
rm -v ${filename}
fi
else
if [ "${filename}" -nt "${filename}.gpg" ]; then
if [ -e "${filename}.gpg" ]; then
rm ${filename}.gpg
fi
#echo "Encrypting file " ${filename}
gpg --batch --no-use-agent --symmetric --force-mdc
--passphrase "secret-key" ${filename}
fi
fi
fi
fi
done
Of course, you should change the secret key to one of your choosing, or
make it a parameter to the script. I run this before the s3cmd sync to
make sure the encrypted files are up to date, then on the s3cmd command
line I use --exclude '*' --include '*.gpg' to back up only the encrypted
versions of the files.
Using --force-mdc in the gpg command gives me some confidence that the
retrieved file wasn't damaged while it was stored in S3. GNU/gpg
compresses while it encrypts, so using it also saves time while
uploading.
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________ S3tools-general mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/s3tools-general
