Nowadays it is essential to back up your data and keep it safe in case of a data loss event. The most common way to back up (private) data is to upload it to a remote server. Naturally you want to keep it safe and private. So how do you guarantee the privacy of the stored files? Upload it to the server and encrypt it afterwards?! You also want to automate the backup process so that you have nothing to do but run the backup script. Suppose you have a huge amount of data (GB / TB) to back up every day. With that approach you'll have to upload the data completely to the server and then do the encryption. So your next question should be: how do you keep bandwidth usage to a minimum?
Evidently you'll have to encrypt your data first and then commit only the in-file changes to the server. This works similarly to the CVS/SVN versioning systems. So here are the steps:
- Encrypt data using rsyncrypto
- Transfer data (changes) to server using rsync
Quite simple, isn’t it? Let’s start by configuring and installing the required tools. (For the next steps I’ll be using NetBSD 5.0. But most Unix systems include rsync and rsyncrypto in their packaging systems.)
Installing required tools
If you don't find rsync in your packages list, then you'll have to download it from here. I couldn't find rsyncrypto in NetBSD's package tree so I've downloaded it from here. Be careful when configuring the package on NetBSD:
Now both tools should work and execute properly.
Generate backup keys
For this we'll be using OpenSSL. We'll generate a backup key and a certificate used for encryption. Remember: keep these files safe and don't lose them!
See the man page for an explanation of the parameters.
Encrypt data
Let us now encrypt our data.
Quite simple, isn’t it? Here is a quick explanation:
Now all we have to do is to rsync the encrypted data to some remote server.
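The whole procedure above (keys, encryption, transfer) written as one script. This is an added example, not the commands from the original post; the key size, all paths, the remote target, the `--changed`/`--delete` options and the private-key check before upload are assumptions.

```shell
#!/bin/sh
# Added example: encrypt locally with rsyncrypto, then rsync only the ciphertext.
# Paths, key size, remote target and option choices are assumptions.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# One-time setup. -nodes writes the private key without a passphrase, so file
# permissions are its only protection: umask 077 keeps it owner-readable only.
make_keys() {  # make_keys <private-key-file> <certificate-file>
    ( umask 077
      run openssl req -nodes -newkey rsa:2048 -x509 -days 3650 \
          -subj "/CN=backup" -keyout "$1" -out "$2" )
}

# Encryption needs only the certificate; the private key is needed to restore.
# --changed skips files whose mtime is unchanged, --delete mirrors removals.
# Keep <keys-dir> outside <enc-dir>: it holds the per-file symmetric keys.
encrypt_tree() {  # encrypt_tree <src-dir> <enc-dir> <keys-dir> <certificate>
    run rsyncrypto -r --changed --delete "$1" "$2" "$3" "$4"
}

# Refuse to upload a tree that contains a PEM private key.
assert_no_private_key() {  # assert_no_private_key <enc-dir>
    if grep -rqE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1" 2>/dev/null; then
        echo "private key found under $1, refusing to upload" >&2
        return 1
    fi
}

# Push the encrypted tree; rsync sends only the parts that changed.
sync_tree() {  # sync_tree <enc-dir> <remote-target>
    assert_no_private_key "$1" || return 1
    run rsync -az --delete "$1/" "$2"
}

backup() {  # backup <src-dir> <enc-dir> <keys-dir> <certificate> <remote-target>
    encrypt_tree "$1" "$2" "$3" "$4" && sync_tree "$2" "$5"
}

# Example (hypothetical paths and host):
#   make_keys /root/backup.key /root/backup.crt
#   backup /home /var/backup/enc /var/backup/keys /root/backup.crt user@host:backup/
```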