Encryption is enabled by entering an encryption key when using
s3cmd --configure.  If you do not enter a key, your data will not be
encrypted.

When encryption is used, S3cmd pipes the file through gnupg, saving the
encrypted version as /tmp/tmpfiles-{random 20 char string}.  This encrypted
file is then transferred to S3, using the original filename for S3
storage.

Some problems can occur with encryption:  if you have a small /tmp
directory and wish to encrypt files larger than the size of /tmp, it will
fill up /tmp and fail.  Your server may also experience severe problems if
other processes need the /tmp directory to store files.

If you kill the s3cmd process while it is in the midst of transferring an
encrypted file, the temp file stored in /tmp will not be deleted, clogging
up the tmp directory.  I wrote a bash script to periodically delete any old
/tmp files created by s3cmd.

The encryption process uses symmetric encryption.  CAST5 (CAST128) is the
default symmetric encryption algorithm in gnupg available on CentOS 5.  I
edited the gpg-encrypt command line in the config file to change the algo
to AES256.

I am evaluating this tool for use within my clients, and it looks good.  I
did a functionality comparison with other packages and it won.  Nice job!
-- 
Otto Monnig, MSSE
<omon...@gmail.com>
Kodiak Technology Group
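
The cleanup of orphaned temp files mentioned in the message, sketched as an added example (not the author's script and not part of s3cmd). It assumes the /tmp/tmpfiles-{random 20 char string} naming given above; the function name and the age threshold are hypothetical.

```shell
#!/bin/sh
# Added example: delete stale s3cmd/gnupg temp files left behind by a killed
# transfer. Because /tmp is world-writable, a file is removed only if it:
#   - matches tmpfiles- plus exactly 20 characters (pattern from the message),
#   - is a regular file (a symlink planted under that name is never touched),
#   - is owned by the user running the cleanup,
#   - was last modified more than the given number of minutes ago,
#   - is not currently open by a process (checked only if fuser is installed).
# Usage: clean_stale_s3cmd_tmp [DIR] [MAX_AGE_MINUTES]; prints the number removed.
clean_stale_s3cmd_tmp() {
    dir=${1:-/tmp}
    max_age_min=${2:-1440}   # hypothetical default: one day

    case $max_age_min in
        ''|*[!0-9]*) echo "age must be whole minutes" >&2; return 2 ;;
    esac

    removed=0
    for f in "$dir"/tmpfiles-????????????????????; do
        # find does not follow a symlink named on the command line, so
        # -type f rejects links; an unmatched glob makes find fail and is skipped.
        match=$(find "$f" -prune -type f -user "$(id -u)" \
                     -mmin +"$max_age_min" 2>/dev/null) || continue
        [ -n "$match" ] || continue

        # A long upload can leave an old but still active temp file; skip it.
        if command -v fuser >/dev/null 2>&1 && fuser "$f" >/dev/null 2>&1; then
            continue
        fi

        rm -f -- "$f" && removed=$((removed + 1))
    done
    printf '%s\n' "$removed"
}
```

Run from cron as the same user that runs s3cmd, for example `clean_stale_s3cmd_tmp /tmp 1440`, with the threshold set well above the longest expected upload.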