Encryption

Tomasz Ciolek tmc at vandradlabs.com.au
Sun Apr 16 23:29:38 GMT 2006


Hi guys

I have experimented with a similar approach, in my case the backup server does 'pull' of data, using rsync+ssh, saving it into a encryopted loopback file system image.

At the moment I am experimenting with a linux metadevices based encrypted file systems that are only mounted to receive the special files. 

In both cases I run into "how to sotre the key (or passphrase) safely" problems, but that is lieft for you to solve, because much of your solution depends on your own circumstanmces and risk analysis.

Cheers
Tom

On Sun, Apr 16, 2006 at 08:16:32PM +0200, Christoph Biedl wrote:
> Julian Pace Ross wrote...
> 
> > The idea is that data stored on the remote server would be unreadable to the
> > people on that side, but can be decrypted when rsyncing back to the local
> > server in case of data loss.
> 
> In that case encyption will have to take place before transmission
> anyway. Else you do rely on an uncorrpted rsync on the remote side.
> 
> My solution for that problem is outside of rsync. I am using an
> encrypted filesystem where encryption takes place on the local side and
> the actual storage is accessed via the network. rsync itself is a local
> (file only) operation then.
> 
> The "network block device" in Linux would be a nice thing for that but
> it lacks a lot of features to make it usable (according bug reports are
> on my todo list).
> 
> So currently my solution is really ugly: The remote side exports (via
> nfs) a directory with a single huge file. The directory is mounted, then
> that image using loopback and encryption. This works but results in poor
> performance as caching is virtually disabled.
> 
>     Christoph
> -- 
> To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html

-- 
Tomasz M. Ciolek	
*******************************************************************************
 tmc at dreamcraft dot com dot au 
*******************************************************************************
   GPG Key ID:		0x41C4C2F0
   GPG Key Fingerprint: 3883 B308 8256 2246 D3ED  A1FF 3A1D 0EAD 41C4 C2F0
   Key available on good key-servers
*******************************************************************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/rsync/attachments/20060417/4a381de3/attachment.bin


More information about the rsync mailing list