Encryption

Alex Pedenko alex at kolosy.com
Sun Apr 16 23:43:08 GMT 2006


In order for the rsync algorithm to work, both sides have to be looking
at data in the same format (i.e. both either process encrypted data or
unencrypted data). If you want a true public key/private key system,
then the only way to do it is to encrypt and decrypt on the client side.
That creates two problems:

- The client has to encrypt the file it wants to send
  completely, prior to talking to the daemon, regardless of file size
  (which creates a scalability issue).

- Calculating the binary change of encrypted files creates an
  issue. If I have two separate versions of the same file, their encrypted
  counterparts will be identical at the binary level until the first
  change in one versus the other. That means that if you modify the
  beginning of a file (just change the first bit), the two files will be
  completely different.


There is another option that we have implemented in a backup scenario.
If you're interested, please email me directly.

 

Alex

 

________________________________

From: rsync-bounces+rsync=kolosy.com at lists.samba.org
[mailto:rsync-bounces+rsync=kolosy.com at lists.samba.org] On Behalf Of
Julian Pace Ross
Sent: Sunday, April 16, 2006 12:44 PM
To: rsync at lists.samba.org
Subject: Encryption

 

Hi all,

 

I recently came across a possible requirement of backing up certain
files on a remote server ... in an encrypted format. 

This got me seriously thinking about the possibility of doing such a
thing with rsync. 

I am not too knowledgeable about encryption and the mechanisms of the
rsync algorithm (at least as yet :), but I would like to know whether
this is attainable or 'far fetched' so to speak. 

In other words, the requirement would be that rsync encrypts the data in
transmission (as is done with ssh), but the data is stored on the
receiver still encrypted.

The reverse (i.e. decryption with private key) would be done only when
the client is retrieving the data from the server.

The idea is that data stored on the remote server would be unreadable to
the people on that side, but can be decrypted when rsyncing back to the
local server in case of data loss.

I have a medium to good knowledge of C, but before delving into
understanding the rsync source, I wanted to hear any opinions on how
possible, if at all, this is...

 

Julian
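
The second problem raised in the reply at the top of this thread, as an added example that is not part of the original messages and is not rsync code: it encrypts two versions of a file with a chained cipher and counts how many ciphertext bytes an rsync-style receiver could still reuse. Assumptions: the cipher is a toy CFB-style construction built from HMAC-SHA256 with a fixed key and IV, the matcher is a simplified block comparison without rsync's rolling checksum, and all names and sample data are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 32                      # chaining block = SHA-256 digest size
KEY = b"constructed-demo-key"   # constructed sample key
IV = bytes(BLOCK)               # fixed IV, so equal prefixes encrypt equally

def cfb_encrypt(key, iv, plaintext):
    """Toy CFB-style chaining: C_i = P_i XOR HMAC(key, C_{i-1})."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        pad = hmac.new(key, prev, hashlib.sha256).digest()
        prev = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], pad))
        out += prev
    return bytes(out)

def cfb_decrypt(key, iv, ciphertext):
    """Inverse of cfb_encrypt: P_i = C_i XOR HMAC(key, C_{i-1})."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        pad = hmac.new(key, prev, hashlib.sha256).digest()
        prev = ciphertext[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(prev, pad))
    return bytes(out)

def reusable_bytes(old, new, size=128):
    """Bytes of `new` a receiver holding `old` could copy locally (simplified)."""
    known = {old[i:i + size] for i in range(0, len(old) - size + 1, size)}
    matched = i = 0
    while i + size <= len(new):
        if new[i:i + size] in known:
            matched, i = matched + size, i + size
        else:
            i += 1
    return matched

def demo():
    """Reusable bytes for (plain head edit, encrypted head edit, encrypted tail edit)."""
    # Constructed 8 KiB sample file and two edited versions of it.
    v1 = b"".join(hashlib.sha256(bytes([n])).digest() for n in range(256))
    head = bytes([v1[0] ^ 1]) + v1[1:]       # first bit changed
    tail = v1[:-1] + bytes([v1[-1] ^ 1])     # last byte changed
    enc = lambda data: cfb_encrypt(KEY, IV, data)
    return (reusable_bytes(v1, head),
            reusable_bytes(enc(v1), enc(head)),
            reusable_bytes(enc(v1), enc(tail)))

if __name__ == "__main__":
    print(demo())
```

With the same key and IV, an edit at the end of the file leaves 8064 of 8192 ciphertext bytes reusable, while a one-bit edit at the start leaves none, even though the plaintexts still share 8064 bytes.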

 

 
