crypting remote data

david reinares reinareslara at gmail.com
Sat Mar 8 17:33:17 GMT 2008 

rsyncrypto looks fine, but still not which we're looking for.

Having a complete file updated if a little change happens doesn't bother me.
We're performing daily rsync, so not many files can be changed in a day.

The real problem is about space and performance. If you want good
performance yo have to sacrifice space, and vice versa.

We decided to save space for client. so we copy file by file, crypt it,
rsync it, and then delete...a hell for performance, starting a rsync
connection for each file.
And worst of all, we loose -b functionality, that was really good (having
not just a copy of the day before but an extra day)...having a previous
version of destination data
in a file by file basis is not a god idea. And to have the --delete
functionality we need to play a trick at the end with a new rsync passing
all directories and --ignore-existing, --ignore-non-existing, --delete, just
to have same files in source and destination (thank you very much Matt
McCutchen).

About duplicity is not a good idea, at least for us. We don't want to have
tar directories and such things.

Any idea to get the -b funcionality back again and obtain a compromise
between space and performance?
------------------------------------------------------------------------------------

On Tue, 4 Mar 2008, david reinares wrote:

> It would be greatful to have crypting funcionality added to rsync, appart
> from using ssh to crypt transmissions.
>
> I know this is not the original purpose for rsync, but anyway it's a fact
> that many people need (at least i need, I hope I'm not alone)
> additional security features for offsite backups, like having the data
> crypted at remote, but not at source, so the problem is crypting the data
> and then syncronizing it.

There are a couple of things which try to do this, eg. duplicity, but none
which fully hit the nail on the head. The killing factor for duplicity is
that to expire increments you need to do a new full backup.

rsyncrypto is probably what comes closest to the goal, it would be ideal
though if rdiff-backup was to be combined with rsyncrypto to do it all in
one - I personally use a three stage process using tar, rsyncrypto and
then rdiff-backup (and then rsync).

When rsyncrypto gets working stdin/stdout support then the tar/rsyncrypto
stage could be combined into one.
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the rsync mailing list