Matt McCutchen wrote:
bOn Mon, 2007-12-24 at 18:34 -0500, Eric S. Johansson wrote:
I'd love for the remote backup to be encrypted locally so one could
backup to a hostile host.
That limits your options.
one would think. For now, lets go with the plaintext push form of rsnapshot.
as for encryption, I think it would be possible (assuming mods to rsync) to do
rsync encrypted copies. if you assume symmetrical encryption and that the key
and plaintext is managed by one side, specified by command line args, it
becomes easier (not easy, only easier :-)
[[ related thought. if rsync had a plugin architecture allowing per file
transformation (pre and post transfer) one could build encryption in as an addon]]
the idea of the encryption extension is that when a file is ready for block by
block checking, it is copied (replicating TOP (time, ownership and permissions)
and encrypted using the given symmetrical key. this should yield an identical
file if they are the same. if you get the key wrong, tough noogies, you copy
your entire dataset.
possible problems
I really don't know the internals of rsync and if this idea is possible.
it's been thought of and rejected.
I'm being blond on the crypto
it will be *slow*
may be a rathole.
rsync/snapshot to trusted host and backing up encfs image of backup directory
may be a better solution
wins
lets you backup to hostile hosts
provides some measure of confidentially on rsync transfers in the clear
so matt, lets go for the rsnapshot push to a benign host for now.
--- eric
--
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
