Encrypting external HDD backups - suggestions?

Aaron Hastings

May 28, 2012, 5:11:15 PM
to galwa...@googlegroups.com, 091labs...@googlegroups.com
Hi all,

I back up my files regularly to my external HDD using rsync (through the
Grsync frontend). I'd ideally like to encrypt these files once they're
on the external drive and am looking for elegant solutions to do so.
I've been working with and familiarizing myself with GnuPG of late, but
my assumption is that if every file on the HDD was encrypted, it would
first need to be decrypted with my private key before rsync could do
anything with the files. Afterwards they would then need to be re-encrypted.

I'm throwing it out to both the Galway Linux Users Group and 091 Labs
public mailing lists to see what others suggest is the best way to go
about this. I'm not totally opposed to writing my own rsync scripts, but
if anyone has a more elegant solution (that guarantees the integrity and
validity of my files pre and post-encryption) I'd be delighted to hear them!

Cheers!

Yours in blissful paranoia,

Aaron

Gerard Ryan

May 28, 2012, 5:53:03 PM
to 091labs...@googlegroups.com, galwa...@googlegroups.com
I've never used rsync, so I can't be of any help there. I'm using 'Déjà
Dup' which is a really easy to use frontend to duplicity. It's easy to
get set up, with optional automatic backups, and settings for amazon s3
and rackspace if you've got space there. As far as I know, there are
people who don't like it because of its limited options (and people just
being used to whatever they were already using, rsync or other), but it
handles all the encryption stuff quite well, using GPG.


--
Gerard Ryan :: ger...@ryan.lt :: http://gerard.ryan.lt/blog
PGP Fingerprint: AA11 A666 C98E B6D8 231C 11ED 6EDC 7E4A 62BC 4A15

Richey Ward

May 28, 2012, 6:06:37 PM
to galwa...@googlegroups.com
I use deja-dup onto an external. Totally encrypted, and also does
incremented backups. Handy for doing total home folder backups.
One word of advice is to set some folders that have large dynamic
files (VM disks for example) to ignore, otherwise it will back up each
time it's changed.

Mark O'Connor

May 28, 2012, 6:55:45 PM
to galwa...@googlegroups.com, 091labs...@googlegroups.com

Duplicity
=========
I see that others have recommended this, and its GUI front end
deja-dup.

I haven't used this but it looks like a great option for personal backups.
I like its built-in support for upload to Amazon S3.

Rsyncrypto
==========
rsync friendly file encryption:

http://rsyncrypto.lingnu.com/index.php/Home_Page
http://archive09.linux.com/feature/125322

Encrypted remote file systems
=============================
See the following article:

http://balau82.wordpress.com/2009/08/23/secure-remote-storage-using-sshfs-and-encfs/

Basically mount an encrypted remote file system using Fuse and then use
rsync locally to backup files.


Old fashioned tar files
=======================
You said you don't mind scripting?

The following is an interesting read:

http://anouar.im/2011/12/how-to-backup-with-rsync-tar-gpg-on-osx.html

It's useful to keep on-line snapshots of your file system, similar to
Apple's time-machine.


Regards,

Mark

Aaron Hastings

May 29, 2012, 5:42:05 PM
to galwa...@googlegroups.com, 091labs...@googlegroups.com
Many thanks to everyone for the excellent replies.

Here's my thoughts on the two main suggestions:

Deja Dup
I decided to use Deja Dup initially, as it came with Ubuntu and was the default backup solution. After only one or two backups, I decided to stop using it. The reasons were mostly based on feedback from existing users and from watching a video from UDS where Deja Dup was first suggested as a backup solution for Ubuntu.

My problem with 'Dup is that it only appears to be useful in the case of an absolute and catastrophic loss of all data. By its very design, it lacks the ability to read back individual files, seemingly making it an "everything or nothing" solution. This is because of how Duplicity works, by compressing and GPG encrypting blocks of files all at once. This isn't an acceptable solution to me, as I want full control over each individual file, even if it means decrypting Tar archives just to gain access to one .txt file.

TrueCrypt
I'll definitely be looking into TC based on the support some of you guys have given it. I suppose I was looking for a more manual solution in a sense. One where I know exactly what's happening and how, which is why I said I was open to - if a little wary of - writing my own scripts.

Mark - that last link you provided is very interesting and is very similar to what I was talking about in the above paragraph, i.e. writing my own scripts based around piping Tar, Gzip and Rsync commands into each other. I don't need a time-based solution, so I'll be leaving out the Cron element.

Cheers,
Aaron
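
The tar, gzip and GPG pipeline discussed in the message above, with a checksum manifest so files can be checked before and after encryption. This is an added example, not part of the thread or of the linked article. It assumes GnuPG 2.1 or later and GNU tar/coreutils, uses symmetric encryption with a passphrase file named by a hypothetical `PASSFILE` variable, and the function names are illustrative; with a key pair, `--symmetric` would become `--encrypt --recipient <your key>`.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or the linked article.
# Assumes GnuPG >= 2.1 and GNU coreutils/tar; PASSFILE and the function
# names are hypothetical.
set -euo pipefail
umask 077   # archives and scratch files readable by the owner only

gpg_sym() {  # shared options: non-interactive, passphrase read from a file
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$PASSFILE" "$@"
}

# make_backup SRC_DIR OUT_FILE
# Hash every file first (MANIFEST.sha256 is written into SRC_DIR),
# then tar | gzip | gpg the tree together with the manifest.
make_backup() {
    local src=$1 out=$2
    ( cd "$src" && find . -type f ! -name MANIFEST.sha256 -print0 \
        | sort -z | xargs -0 -r sha256sum > MANIFEST.sha256 )
    tar -C "$src" -cf - . | gzip -c \
        | gpg_sym --symmetric --cipher-algo AES256 -o "$out"
}

# verify_backup ARCHIVE
# Decrypt into a scratch directory and re-check every recorded hash.
# Returns non-zero if gpg, gzip, tar or any checksum fails.
verify_backup() {
    local archive=$1 tmp rc=0
    tmp=$(mktemp -d)
    gpg_sym --decrypt "$archive" | gunzip -c | tar -C "$tmp" -xf - || rc=1
    if [ "$rc" -eq 0 ]; then
        ( cd "$tmp" && sha256sum --quiet -c MANIFEST.sha256 ) || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# restore_one ARCHIVE MEMBER DEST_DIR
# Extract a single file (path relative to the backed-up directory).
restore_one() {
    gpg_sym --decrypt "$1" | gunzip -c | tar -C "$3" -xf - "./$2"
}
```

Because the whole tree becomes one encrypted blob, rsync can only copy the finished archive to the external drive; it cannot transfer deltas inside it.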

Gerard Ryan

Jul 12, 2012, 6:18:55 PM
to galwa...@googlegroups.com
On 05/29/2012 10:42 PM, Aaron Hastings wrote:
> Many thanks to everyone for the excellent replies.
>
> Here's my thoughts on the two main suggestions:
>
> _*Deja Dup*_
> I decided to use Deja Dup initially, as it came with Ubuntu and was the
> default backup solution. After only one or two backups, I decided to
> stop using it. The reasons were mostly based on feedback from existing
> users and from watching a video from UDS where Deja Dup was first
> suggested as a backup solution for Ubuntu.
>
> My problem with 'Dup is that it only appears to be useful in the case of
> an _absolute and catastrophic loss of all data_. By its very design, it
> lacks the ability to read back individual files, seemingly making it an
> "everything or nothing" solution. This is because of how Duplicity
> works, by compressing and GPG encrypting blocks of files all at once.
> This isn't an acceptable solution to me, as I want full control over
> each individual file, even if it means decrypting Tar archives just to
> gain access to one .txt file.
>
> _*TrueCrypt*_
This just came up in my feeds today, and I thought I would share it...it
might clear a few things up about Déjà Dup:
http://www.jaddog.org/2012/07/12/deja-dup-to-the-rescue-restoring-less-than-a-full-backup/

I've just tried it, and the integration with nautilus is seamless, even
with gpg encrypted archives. I went into a directory that is in my
backup list, right clicked and clicked 'Restore Missing Files...'.
You can also right click on a file and select 'Revert to Previous
Version' and it will give you a drop down list of dates that it has
previous versions for.

It might be my lack of imagination, but I think that covers most bases! :)

--
Gerard Ryan :: ger...@ryan.lt :: http://blog.grdryn.me :: @grdryn