Re: [gentoo-user] Encrypted backups under Gentoo
On Thu, 2008-04-17 at 20:05 +0200, Jan Seeger wrote: At Thu, 17 Apr 2008 19:16:54 +0200, Florian Philipp wrote: I personally use dar and gpg. Dar can be used to make incremental backups which should partly solve your speed problem. Alternatively you could use tar and gpg or cpio or whatever floats your boat. Duplicity also does incremental backups, but it's still slow. Using dar, would I have to manually (or per script) use gpg to encrypt the archives? I use GPG instead of DAR's build-in encryption because asymmetric encryption allows complete automation of the backup process, e.g. you don't have to store the key as a plaintext file or type it at every backup. And yes, you need a custom script. For incremental backups to work you would need to make an isolated catalogue (dar's nomenclature) in order for it to see which files and timestamps are already backuped without decrypting the archive. Tar uses a similar approach. The alternative would be an encrypted filesystem and rdiff-backup or rsync. Optionally you could safe the key to the filesystem on your home partition or, if it doesn't need to be automated, in a gpg-encrypted file. An encryted filesystem and rdiff-backup or similar was another option I though of. The problem is restoration: Would I easily be able to restore the backups from a freshly installed system? AFAIK cryptsetup is part of Gentoo's stage3. Most live-CD's I've tried had support for it, too. Commonly they also offer all common encryption modules for the kernel and GPG, so I wouldn't worry about this. Just make sure to keep your key and everything you need to decrypt off site. I myself store my GPG-key on a server, my parent's PC and my USB-stick. Since rdiff-backup stores all its internal data in a single directory, (.rdiff-backup, I think) you could still access the last snapshot of your system even without the program itself. signature.asc Description: This is a digitally signed message part
[gentoo-user] Encrypted backups under Gentoo
As per the subject: I use luks-crypt to encrypt my home directory. Of course I would like to make backups. These must, of course, also be encrypted. I have tried duplicity, but when many changes have occured, this is unbearably slow (being on a laptop). What would be the best solution to back up with encryption barring duplicity? Regards, Jan Seeger -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Encrypted backups under Gentoo
On Thu, 2008-04-17 at 17:54 +0200, Jan Seeger wrote: As per the subject: I use luks-crypt to encrypt my home directory. Of course I would like to make backups. These must, of course, also be encrypted. I have tried duplicity, but when many changes have occured, this is unbearably slow (being on a laptop). What would be the best solution to back up with encryption barring duplicity? Regards, Jan Seeger I personally use dar and gpg. Dar can be used to make incremental backups which should partly solve your speed problem. Alternatively you could use tar and gpg or cpio or whatever floats your boat. The alternative would be an encrypted filesystem and rdiff-backup or rsync. Optionally you could safe the key to the filesystem on your home partition or, if it doesn't need to be automated, in a gpg-encrypted file. Let me know if you are interested in any of these options so I can explain the details further (if you need support with that, that is). signature.asc Description: This is a digitally signed message part
Re: [gentoo-user] Encrypted backups under Gentoo
On Thu, 17 Apr 2008 17:54:50 +0200, Jan Seeger wrote: I use luks-crypt to encrypt my home directory. Of course I would like to make backups. These must, of course, also be encrypted. I have tried duplicity, but when many changes have occured, this is unbearably slow (being on a laptop). What would be the best solution to back up with encryption barring duplicity? I'm using duplicity and also found it slow, and it makes thousands of SSH connections in the course of a day. I'm now testing app-backup/boxbackup, which seems good so far. -- Neil Bothwick The road to HAL is paved with good intentions. signature.asc Description: PGP signature
Re: [gentoo-user] Encrypted backups under Gentoo
At Thu, 17 Apr 2008 19:16:54 +0200, Florian Philipp wrote: I personally use dar and gpg. Dar can be used to make incremental backups which should partly solve your speed problem. Alternatively you could use tar and gpg or cpio or whatever floats your boat. Duplicity also does incremental backups, but it's still slow. Using dar, would I have to manually (or per script) use gpg to encrypt the archives? The alternative would be an encrypted filesystem and rdiff-backup or rsync. Optionally you could safe the key to the filesystem on your home partition or, if it doesn't need to be automated, in a gpg-encrypted file. An encryted filesystem and rdiff-backup or similar was another option I though of. The problem is restoration: Would I easily be able to restore the backups from a freshly installed system? Regards, Jan -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Encrypted backups under Gentoo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Florian Philipp wrote: | On Thu, 2008-04-17 at 17:54 +0200, Jan Seeger wrote: | As per the subject: | | I use luks-crypt to encrypt my home directory. Of course I would like | to make backups. These must, of course, also be encrypted. I have | tried duplicity, but when many changes have occured, this is | unbearably slow (being on a laptop). What would be the best solution | to back up with encryption barring duplicity? | | Regards, | Jan Seeger | | I personally use dar and gpg. Dar can be used to make incremental | backups which should partly solve your speed problem. Alternatively you | could use tar and gpg or cpio or whatever floats your boat. | | The alternative would be an encrypted filesystem and rdiff-backup or | rsync. Optionally you could safe the key to the filesystem on your home | partition or, if it doesn't need to be automated, in a gpg-encrypted | file. | | Let me know if you are interested in any of these options so I can | explain the details further (if you need support with that, that is). I also use dar, but I don't bother with gpg. I use the '-K:' option of dar, which provides passphrase protected blowfish protection. I suppose I could use gpg, as well, with AES256 or IDEA, but that would be overkill, I think, since I keep my backups on an external USB port drive. Chris -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJIB5j7AAoJEIAhA8M9p9DA+ccP/AqbWUYZMc76kiRa1nqL1A81 rDqrTomadkHoyqCgl0sXwmz85kEzgV33QP/yqrnSwAXQisDgvyQ9v8INOGff1p7D e2Rw3U+31/U+xz1dMYTS8ucLKLKwMkU1m9+iIkRBbPDJPTVyUzup33RoV8Bt00oF 5241fYPhJQsLd/zwiYsUk6w7NO+4xyW7x9n2FXbOKZGuwSNT+0mVwXX/fDlvXhJJ awkQMAfpv2vVQ5Y5+ovlhawECU/mv1BxOTrYB9M0jViT9ugKcoJEhJyONLra0LBL 1dwy/6g5PB+4RB/xKXZqJdO02gp7vqf3H2rlA6qcj+O0/b8gK5Jl1/QP2duzdgL5 XbChyiVfF5KTEB9EgAUuhrIMr+At5rinxFQmu0S8ohgoHRakFXAIhv7+DX6rkKJD Y5Jf8X6sV+Flqac4dD9znmb98RgcbVTEyHLLKKPrvZ2mcEhRCw6I+HXcnYvFQV57 xEXbYEkKTXHlb6OFWOSC/ynvhw87mBz+Zjx0trm61awrgYBBgYoSBJk3nemjtL9e 0yslvgzMOClTjSlC9lgnCmiQDQNgFFgIUHSmrt/yfQ69jrluii7hvWJfRfFsu9i1 5wOnzOt5fI1sTxOoX9yMEXK+PjEgncdBVPMMF+dMvan4vyxGpAPwgzQSedgWPbgI dwBz2ugEZAAsV0EszSQS =mGmy -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Encrypted backups under Gentoo
At Thu, 17 Apr 2008 14:37:52 -0400, Chris Walters wrote: I also use dar, but I don't bother with gpg. I use the '-K:' option of dar, which provides passphrase protected blowfish protection. I suppose I could use gpg, as well, with AES256 or IDEA, but that would be overkill, I think, since I keep my backups on an external USB port drive. This sounds like a feasible solution, I will try it out. Thanks for the idea, Florian and Chris. I'm just wondering what the dar64 and dar32 useflags do... -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Encrypted backups under Gentoo
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jan Seeger wrote: | At Thu, 17 Apr 2008 14:37:52 -0400, | Chris Walters wrote: snip | This sounds like a feasible solution, I will try it out. Thanks for | the idea, Florian and Chris. | | I'm just wondering what the dar64 and dar32 useflags do... As I understand it, dar32 uses 32 bit integers and dar64 uses 64 bit integers, I believe to represent file and archive sizes. The description on the the USE flag dar64 on the Gentoo site says, Enables --enable-mode=64 option, which replace infinint by 64 bits integers. The dar32 option is described in the same way, only with 32 replacing 64. Regards, Chris -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJIB6nGAAoJEIAhA8M9p9DAfPMP/RsttxEQmsX1EF0Ztilhkxox dRHX+h5A723LGDgs0eDCG32qn+PMFpFzpRaYlT6k/zk82QwVXcBzDaPse9/REzch eze1sItugrts5tB+j8VosNC9w7EvtvHq4R3cD56OoJ4xz0C7ywdUQvO2eTUJ7z8s QklhRcY3flb4UIiVD/RmcB7TjY5mnJ9y4HqYq1pjgZxeAGWztJlXnQQbcO1tFST8 x8C2rgkT8A9LcyNm/leyQHmU6leys9flGWrr6q4g26Qvf9dPimPn0BnbPROmGEhJ +eF3UFqR/ir4+JSeiDFzS0XuPN3id3C3n90qWawPeWEbmCnGazAepvH/P68hkPRV bSb9ehhLwE2OjsiQg66zWKB3ZnVYKK+8MglddZUtGfAKVhxr53gbqhVolzZ0cE5a pLbAz9zPoMfkQewQJux+ECoAwFRuOeV29wRXDuvb4sxTWN/Z3rvPFDvPgPjBClK1 uV1gKFRfE93N6NBAPkJHF8UlBjVN+LY4kqWmgFMjU3SnRBkw1HjwLMeaWh3qGdkC R39i3GvE57M8X6YXOyFf2WtxDRzzLcyv/a1DvkVbr0uGVZAjkePgnldzCj5snoIw +xY+3H9Y0MydrjuohdlrWj0davI+tG0lfM/FuV3e7Zl/zxYHr8QFWzYx8hgf3UUJ +Om6MbxFsyo59mxF56W5 =758z -END PGP SIGNATURE- -- gentoo-user@lists.gentoo.org mailing list