I must be psychic: Re: Pushing hard-linked backups

Eric S. Johansson esj at harvee.org
Tue Jan 1 06:41:16 GMT 2008

Eric S. Johansson wrote:
> Matt McCutchen wrote:
>> bOn Mon, 2007-12-24 at 18:34 -0500, Eric S. Johansson wrote:
>>> I'd love for the remote backup to be encrypted locally so one could
>>> backup to a hostile host.
>> That limits your options.  
> one would think.  For now, lets go with the plaintext push form of 
> rsnapshot. as for encryption, I think it would be possible (assuming 
> mods to rsync) to do rsync encrypted copies. 


Rsyncrypto - Rsync Friendly File Encryption
Why is Rsyncrypto
Sometimes it is necessary to store files on a remote server. This is typically 
needed for backup purposes. When that is done, there are two concerns that need 
to be addressed:

    1. How to keep the privacy of the files stored?
    2. How to keep bandwidth usage to a minimum?

Both problems have rather simple solutions:

    1. Encrypt the files prior to sending them. Keep the key locally.
    2. Use rsync to only transfer the changes.

There is just one problem - the two solutions contradict. Plain mode encryption 
of files hide the specific changes to the file, making rsync useless at 
detecting in-file changes. This is where rsyncrypto comes to the rescue.
What is Rsyncrypto
Rsyncrypto is a modified encryption scheme. It is based on industry standard AES 
for symmetric encryption, as well as RSA for having different keys for each file 
while allowing a single key to decrypt all files. It even uses an encryption 
mode that is based on CBC.

Rsyncrypto does, however, do one thing differently. It changes the encryption 
schema from plain CBC to a slightly modified version. This modification ensures 
that two almost identical files, such as the same file before an after a change, 
when encrypted using rsyncrypto and the same key, will produce almost identical 
encrypted files. This means that both objectives can be achieved simultaneously.
Rsyncrypto has won first price in the free software trophy competition (Trophées 
du Libre) in the security category.


Just found, haven't tried.  You may have better luck than I do with this piece 
of software.  In fact, it's highly likely you will have better luck than I do 
with all pieces of software.

More information about the rsync mailing list