[sf-lug] Linux backup software .. that meets unique requirements

David Rosenstrauch darose at darose.net
Mon Mar 15 08:10:42 PDT 2010

On 03/11/2010 03:03 PM, David Hinkle wrote:
> Have you considered writing a script that produces a copy of the tree
> you're working on, but encrypts each file with a simple symmetric
> cipher using the filename as the initialization vector for the
> encryption?   Then you can run rsync to back that tree up.   Rsync
> will have to copy any file that changes in it's entirety, but the
> data should be safe.  You could take it one step further and cache
> the md5sums of the files before you encrypt them (like duplicity) so
> you can avoid re-encrypting files that haven't changed.   An approach
> like that might work well enough for a source code repository, but
> will be bad for anything like a database.
> David

Thanks much for the suggestion, David.

This is indeed the way I was leaning.  But I wasn't too thrilled about 
having to go through 2 full rsync steps - particularly because it's a 
pretty sizable file system tree.

Fortunately I think I've found a neat workaround:  Continue backing up 
as I've been (i.e., using rsync/rsnapshot) but have the backup process 
backup to a mount point that is an encfs encrypted directory on top of 
an sshfs remote mounted directory, as described here: 

Result meets all my requirements:  files are backed up using rsync, to 
my existing storage space, and are encrypted both in transit and on disk.

Going to give this a whirl tonight.

Thanks much for helping me bat this problem around with you, David.


More information about the sf-lug mailing list