[sf-lug] New Open Source Software Proposal
darose at darose.net
Wed Mar 17 12:41:48 PDT 2010
On 03/16/2010 10:37 AM, David Rosenstrauch wrote:
> On 03/15/2010 06:36 PM, Alex Kleider wrote:
>> My suggestion is to use enc-fs on the local (to be backed up) machine
>> so an encrypted version of the backup source is already available.
>> Then when it comes time to do backup, use the encrypted version and
>> send it over to the destination directory. The one 'gotcha' that I
>> see is that to reconstitute, one needs not only the encrypted file
>> and the passphrase, but also the ".encfs5" control file at the top
>> level of the raw encfs filesystem. I don't know if rsync transfers
>> hidden files but you wouldn't want to be left without it.
>> Using this approach, nothing 'new' needs to be written.
> There's actually a few gotchas with that:
> * It requires 2 rsync steps. It should be possible to do this all in one.
> * The .encfs5 file is needed, as you cited.
> And, most importantly:
> * When you need to recover file(s), there's no way to browse the remote
> file system and selectively download specific files (since all the file
> names are scrambled). So you'd have to do a *full* "reverse rsync",
> downloading *all* the encrypted files - which could potentially take
> many hours - in order to recover any files, no matter how small.
> That last one seems like a dealbreaker to me, making this approach
Actually, now that I think about it some more, there's actually an easy
workaround for this:
Yes, the remote files are scrambled. But since they've been rsync'ed
from the local box, they are an exact replica of the encrypted encfs
directory on the local box. So it's easy peasy to access the files in
the remote copy by just performing an encfs + sshfs mount of the remote
Duh - I don't know why I didn't think of that before!
Of course, this approach still requires 2 rsync steps. But if that's
the biggest drawback of it, then it's really not that big a deal. I
generally use 2 rsync steps in my backup process anyway (one to a
different disk, and one offsite) so this is really just a small tweak to
More information about the sf-lug