Encrypted backup

Hi

Since the files are stored on an external box or in the cloud, it should be possible to encrypt them, as in Ubuntu desktop (which uses duplicity).

1 Like

Currently no, I don’t know if @giacomo has any hint…

Yes, duplicity can encrypt the backup, but we don’t use it for a very simple reason: users usually lose their cryptographic keys. :smiley:

To add the encryption you should modify a couple of scripts. If you’re interested I can post the details, but be aware that you will lose these changes if the RPM is updated.

2 Likes

Hi Giacomo,

[Keepass](http://keepass.info/) and [Keepassx](https://www.keepassx.org/) are great password managers. :slight_smile:

Encryption should be an option. Everyone stores data in clouds these days and no one knows how the storage providers handle data security.

If you send me the script changes and the changes work with the updated RPMs, I don’t have any problem with that.

2 Likes

You need to remove the “--no-encryption” option from the following files:

  • /etc/e-smith/events/actions/backup-data-duplicity
  • /etc/e-smith/events/actions/cleanup-data-duplicity
  • /etc/e-smith/events/actions/restore-config-duplicity
  • /etc/e-smith/events/actions/restore-data-duplicity

Duplicity should run an encrypted backup on the first run.
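
An added example, not part of the original post and not NethServer code: a shell helper that reports which of the four scripts listed above still pass `--no-encryption`, and strips the flag while keeping a `.orig` copy. The function names and the sample file contents are assumptions constructed for illustration; the real scripts may format the option differently.

```shell
#!/usr/bin/env bash
# Added example (not NethServer code). Script names are the four from the post above.
ACTIONS=/etc/e-smith/events/actions   # real location; pass it as $1 when ready
SCRIPTS="backup-data-duplicity cleanup-data-duplicity restore-config-duplicity restore-data-duplicity"

# Print each script under directory $1 that still passes --no-encryption.
# Rerun after every RPM update: a reverted file means unencrypted backups again.
files_with_flag() {
    local dir=$1 s
    for s in $SCRIPTS; do
        [ -f "$dir/$s" ] || { echo "missing: $dir/$s" >&2; continue; }
        grep -q -e '--no-encryption' -- "$dir/$s" && printf '%s\n' "$s"
    done
    return 0
}

# Remove the flag, keeping the original as <file>.orig, and show a diff for
# review. Assumes the flag is a bare word on a command line; if it turns out
# to be a quoted list element, edit that file by hand instead.
strip_flag() {
    local dir=$1 s
    for s in $(files_with_flag "$dir"); do
        cp -p -- "$dir/$s" "$dir/$s.orig" || return 1
        sed -E 's/[[:space:]]*--no-encryption//g' "$dir/$s.orig" > "$dir/$s" || return 1
        diff -u "$dir/$s.orig" "$dir/$s" || true
    done
    return 0
}

# Constructed sample files in a temp dir, so a trial run never touches /etc.
make_sample() {
    local d; d=$(mktemp -d) || return 1
    printf 'duplicity --no-encryption --volsize 250 /src file:///dst\n' > "$d/backup-data-duplicity"
    printf 'duplicity remove-older-than 7D --no-encryption file:///dst\n' > "$d/cleanup-data-duplicity"
    printf 'duplicity restore file:///dst /tmp/cfg\n' > "$d/restore-config-duplicity"
    # restore-data-duplicity is left out to exercise the "missing" branch
    printf '%s\n' "$d"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample); files_with_flag "$d"; strip_flag "$d"; files_with_flag "$d"
fi
```

On a real system, `files_with_flag "$ACTIONS"` gives the audit and `strip_flag "$ACTIONS"` applies the change as root.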

+1

@davidep @giacomo is it possible to get this option as standard?

3 Likes

Be aware that duplicity will request to type the GPG password every time.

I think it is, but we need a little bit of code to handle GPG key generation and avoid the password request.
Is anyone else interested in this feature?

1 Like

@giacomo

Thanks for the configuration.
If I understand, I need to supply every backup with the key and it will be entered manually, yes?

I’m interested in having this option as standard.

It would be good if we could choose whether or not to get the encryption (a checkbox, for example).

I use PGP to sign and / or encrypt files and e-mail quite often; I was just considering the usage of Truecrypt or EncFS as an alternative.

Btw it’s a good option, +1 for me

You have to manually type the password every time.
Duplicity has an option to avoid password request but I didn’t study it.

It seems there is interest for encrypted backup support, so we need to dig a bit into duplicity and find a simple way to script the GPG management process.

But I still have a big doubt: what happens in case of disaster recovery?
Your machine suddenly dies and you must restore configuration and data.
If the backup is not encrypted, the sysadmin can configure the data backup and quickly restore the configuration from there (and then proceed with the slow process of restoring data).

But if the data backup is encrypted, and the configuration backup hasn’t been stored anywhere else, how can we restore the configuration backup? Where is the GPG key saved?
Does the sysadmin have to copy the GPG key in a well-known place using SSH?

If the sysadmin hasn’t saved GPG keys in a safe location, all data are lost!

Any better solutions or ideas?

1 Like

Does a car fail to start if your seat belt is not fastened?

I’m not sure, but in fact a big warning and a documented howto could do the trick, and after all a sysadmin is a responsible adult.

@stephdl you’re a very optimistic person :smiley:

1 Like

my 2c:

data encryption should be done externally… I mean: backup should be unencrypted… if I (the sysadmin) want encryption, I have to do it with my preferred tool… in this way all the responsibility is on my shoulders.
tools like NS (i.e. highly “automated”) could be “diseducational” and we’d always remember that we’re talking about an ENTERPRISE product… we’d help sysadmins, not substitute them

all IMVHO

1 Like

not at all, a realistic freedom lover :slight_smile:

1 Like

Ok, thanks

Backup settings with that option is the way to go, I think

Whoever chooses an encrypted backup enters the key.
Whoever doesn’t want one does not enter the key, and the backup is unencrypted.

1 Like

I would love to be able to encrypt the backups as an option. +1

I agree, GPG keys would be a better alternative than password based backups.

1 Like