From: Florian Philipp
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Encrypted backups under Gentoo
Date: Fri, 18 Apr 2008 08:08:50 +0200
Message-Id: <1208498930.8117.13.camel@NOTE_GENTOO64.PHHEIMNETZ>
In-Reply-To: <87zlrsgxwz.wl%jan.seeger@thenybble.de>

On Thu, 2008-04-17 at 20:05 +0200, Jan Seeger wrote:
> At Thu, 17 Apr 2008 19:16:54 +0200,
> Florian Philipp wrote:
> > I personally use dar and gpg. Dar can be used to make incremental
> > backups which should partly solve your speed problem. Alternatively you
> > could use tar and gpg or cpio or whatever floats your boat.
>
> Duplicity also does incremental backups, but it's still slow. Using
> dar, would I have to "manually" (or per script) use gpg to encrypt the archives?

I use GPG instead of DAR's built-in encryption because asymmetric
encryption allows complete automation of the backup process, e.g. you
don't have to store the key as a plaintext file or type it at every
backup. And yes, you need a custom script.

For incremental backups to work you would need to make an "isolated
catalogue" (dar's nomenclature) in order for it to see which files and
timestamps are already backed up without decrypting the archive. Tar
uses a similar approach.

>
> > The alternative would be an encrypted filesystem and rdiff-backup or
> > rsync. Optionally you could save the key to the filesystem on your home
> > partition or, if it doesn't need to be automated, in a gpg-encrypted
> > file.
>
> An encrypted filesystem and rdiff-backup or similar was another option
> I thought of. The problem is restoration: Would I easily be able to
> restore the backups from a freshly installed system?

AFAIK cryptsetup is part of Gentoo's stage3. Most live CDs I've tried
had support for it, too. Commonly they also offer all common encryption
modules for the kernel and GPG, so I wouldn't worry about this. Just
make sure to keep your key and everything you need to decrypt off site.
I myself store my GPG-key on a server, my parent's PC and my USB-stick.

Since rdiff-backup stores all its internal data in a single directory
(.rdiff-backup, I think), you could still access the last snapshot of
your system even without the program itself.
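
Added example, not part of the original message and not the poster's own script: one way to write the "custom script" described above, with dar producing the archive, an isolated catalogue kept locally as the reference for the next incremental run, and gpg encrypting to a public key so that no secret is stored on the backup host. The directory layout, the STAMP naming scheme, the DRY_RUN switch and the RECIPIENT placeholder are assumptions; the recipient's public key is assumed to be already imported and trusted in the keyring.

```shell
#!/bin/sh
# Added example: automated dar + gpg backup using an isolated catalogue.
# Paths, the STAMP naming and RECIPIENT are assumptions, not from the post.
SRC=${SRC:-/home}                   # tree to back up
STAGE=${STAGE:-/var/tmp/dar-stage}  # local scratch; holds plaintext briefly
CATS=${CATS:-/var/lib/dar-cat}      # isolated catalogues, kept on this host
DEST=${DEST:-/mnt/backup}           # backup target; receives only *.gpg
RECIPIENT=${RECIPIENT:-backup@example.invalid}  # placeholder public key
DRY_RUN=${DRY_RUN:-0}               # 1 = print the commands, run nothing

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Print the basename of the newest catalogue; fail if none exists yet.
# STAMP must sort chronologically, e.g. $(date +%Y%m%dT%H%M%S).
latest_catalogue() {
    newest=
    for f in "$CATS"/*-cat.1.dar; do
        if [ -e "$f" ]; then newest=$f; fi
    done
    [ -n "$newest" ] || return 1
    echo "${newest%.1.dar}"
}

# backup full|incr STAMP
backup() {
    mode=$1; stamp=$2
    archive="$STAGE/$stamp-$mode"
    case $mode in
        full) run dar -c "$archive" -R "$SRC" || return 1 ;;
        incr) # -A reads names and timestamps from the catalogue alone,
              # so no earlier archive has to be decrypted.
              ref=$(latest_catalogue) || {
                  echo "no catalogue: run a full backup first" >&2; return 1; }
              run dar -c "$archive" -R "$SRC" -A "$ref" || return 1 ;;
        *)    echo "usage: backup full|incr STAMP" >&2; return 2 ;;
    esac
    # Isolate this archive's catalogue for the next incremental run. It lists
    # file names and timestamps in the clear, so it never goes to DEST.
    run dar -C "$CATS/$stamp-cat" -A "$archive" || return 1
    # Public-key encryption: no passphrase or private key on this machine.
    run gpg --batch --encrypt --recipient "$RECIPIENT" \
        --output "$DEST/$stamp-$mode.1.dar.gpg" "$archive.1.dar" || return 1
    run rm -f "$archive.1.dar"
}

# Example call: sh dar-gpg.sh incr "$(date +%Y%m%dT%H%M%S)"
if [ "$#" -ge 2 ]; then backup "$1" "$2"; fi
```

Restoring needs the private key plus the full archive and every incremental made after it, so those are what has to be kept off site; the catalogues are only needed to continue the incremental chain.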