I do not know your level of expertise and if your somewhat abstract description of the trust issue is a demonstration of high-level understanding of Unix file system tree + encryption + networks or just playful thought.
That in mind, if you are not running a cluster of servers, it would be doable using duplicity and the list of "public" directories or rather "private" ones. That, assuming you at least have a vague idea of which files you wish to remain unencrypted/encrypted an is not looking for a file permissions aware general solution. For this, you could use duplicity --include "$SHELL_PATTERN" or --exclude "$SHELL_PATTERN". BTW, duplicity uses rdiff as a backend so if you wish to keep previous rdiff backups, I am guessing you could make duplicity aware of them, but this is just a wild guess. -- -- André Nunes Batista
--- Begin Message ---On Mon, 06 May 2013 15:03:59 -0400, Celejar wrote: > On Mon, 6 May 2013 16:15:56 +0000 (UTC) > Hendrik Boom <hend...@topoi.pooq.com> wrote: > >> I'm currently using rdiff-backup onto removable USB drives for backup. >> I don not encrypt them now because I'm terrified of losing the >> encryption key and hence losing access to my backups. >> >> I'm planning to trade backup drives with an acquaintance for off-site >> backups. I trust her, but I don't trust not every random person who >> lives in her house or visits. >> >> Is there any way of doing the backup partially encrypted so that files >> are encrypted only if not world-readable? > > Perhaps use the 'find' command with the '-perm' argument to generate > lists of files that are and are not world readable, and pipe the outputs > to the backup program with the appropriate invocations? I'm not a find > guru, so I won't try to give the syntax, and I can't judge the level of > performance hit that doing it this way will engender. > hendrik@april:~$ find . ! -perm /044 | wc 35299 39286 1503506 hendrik@april:~$ There seem to be rather a lot of them. A lot seem to be cached stuff from browsers and other programs, which don't need to be backed up at all, let alone encrypted. But there are files containing ssh IDs and the like, private keys for digital signatures, and those really do need to be backed up, but not in plaintext. Where do the browsers keep this information? What other programs keep this kind of information? -- hendrik -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/kmb1u3$juc$1...@ger.gmane.org
--- End Message ---
signature.asc
Description: This is a digitally signed message part