Encrypting external HDD backups - suggestions?

Showing 1-6 of 6 messages
Encrypting external HDD backups - suggestions? Aaron Hastings 5/28/12 2:11 PM
Hi all,

I backup my files regularly to my external HDD using rsync (through the
Grsync frontend). I'd ideally like to encrypt these files once they're
on the external drive and am looking for elegant solutions to do so.
I've been working with and familiarizing myself with GnuPG of late, but
my assumption is that if every file on the HDD was encrypted, it would
first need to be decrypted with my private key before rsync could do
anything with the files. Afterwards they would then need to be re-encrypted.

I'm throwing it out to both the Galway Linux Users Group and 091 Labs
public mailing lists to see what others suggest is the best way to go
about this. I'm not totally opposed to writing my own rsync scripts, but
if anyone has a more elegant solution (that guarantees the integrity and
validity of my files pre and post-encryption) I'd be delighted to hear them!

Cheers!

Yours in blissful paranoia,

Aaron
Re: [091labs-public] Encrypting external HDD backups - suggestions? Gerard Ryan 5/28/12 2:53 PM
I've never used rsync, so I can't be of any help there. I'm using 'Déjà
Dup' which is a really easy to use frontend to duplicity. It's easy to
get set up, with optional automatic backups, and settings for amazon s3
and rackspace if you've got space there. As far as I know, there are
people who don't like it because of its limited options (and people just
being used to whatever they were already using, rsync or other), but it
handles all the encryption stuff quite well, using GPG.


--
Gerard Ryan :: ger...@ryan.lt :: http://gerard.ryan.lt/blog
PGP Fingerprint: AA11 A666 C98E B6D8 231C 11ED 6EDC 7E4A 62BC 4A15
Re: [galway-lug] Re: [091labs-public] Encrypting external HDD backups - suggestions? Richey Ward 5/28/12 3:06 PM
I use deja-dup onto an external. Totally encrypted, and also does
incremented backups. Handy for doing a total home folder backups.
One word of advice, is to set some folders that have large dynamic
files (VM disks for example) to ignore, otherwise it will backup each
time it's changed.
Re: [galway-lug] Encrypting external HDD backups - suggestions? mark.oconnor 5/28/12 3:55 PM

Duplicity
=========
I see that others have recommended this, and it's GUI front end
deja-dup.

I haven't used this but looks like a great option for personal backups.
I like it's built in support for upload to Amazon S3.

Rsyncrypto
==========
rsync friendly file encryption:

http://rsyncrypto.lingnu.com/index.php/Home_Page
http://archive09.linux.com/feature/125322

Encrypted remote file systems
======================
See the following article:

http://balau82.wordpress.com/2009/08/23/secure-remote-storage-using-sshfs-and-encfs/

Basically mount an encrypted remote file system using Fuse and then use
rsync locally to backup files.


Old fashioned tar files
========================
You said you don't mind scripting?

The following is an interesting read:

http://anouar.im/2011/12/how-to-backup-with-rsync-tar-gpg-on-osx.html

It's useful to keep on-line snapshots of your file system, similar to
Apple's time-machine.


Regards,

MArk
Re: [galway-lug] Encrypting external HDD backups - suggestions? Aaron Hastings 5/29/12 2:42 PM
Many thanks to everyone for the excellent replies.

Here's my thoughts on the two main suggestions:

Deja Dup
I decided to use Deja Dup initially, as it came with Ubuntu and was the default backup solution. After only one or two backups, I decided to stop using it. The reasons were mostly based on feedback from existing users and from watching a video from UDS where Deja Dup was first suggested as a backup solution for Ubuntu.

My problem with 'Dup is that it only appears to be useful in the case of an absolute and catastrophic loss of all data. By its very design, it lacks the ability to read back individual files, seemingly making it an "everything or nothing" solution. This is because of how Duplicity works, by compressing and GPG encrypting blocks of files all at once. This isn't an acceptable solution to me, as I want full control over each individual file, even if it means decrypting Tar archives just to gain access to one .txt file.

TrueCrypt
I'll definitely be looking into TC based on the support some of you guys have given it. I suppose I was looking for a more manual solution in a sense. One where I know exactly what's happening and how, which is why I said I was open to - if a little weary of - writing my own scripts.

Mark - that last link you provided is very interesting and is very similar to what I was talking about in the above paragraph, i.e. writing my own scripts based around piping Tar, Gzip and Rsync commands into each other. I don't need a time-based solution, so I'll be leaving out the Cron element.

Cheers,
Aaron
Re: [galway-lug] Encrypting external HDD backups - suggestions? Gerard Ryan 7/12/12 3:18 PM
On 05/29/2012 10:42 PM, Aaron Hastings wrote:
> Many thanks to everyone for the excellent replies.
>
> Here's my thoughts on the two main suggestions:
>
> _*Deja Dup*_
> I decided to use Deja Dup initially, as it came with Ubuntu and was the
> default backup solution. After only one or two backups, I decided to
> stop using it. The reasons were mostly based on feedback from existing
> users and from watching a video from UDS where Deja Dup was first
> suggested as a backup solution for Ubuntu.
>
> My problem with 'Dup is that it only appears to be useful in the case of
> an _absolute and catastrophic loss of all data_. By its very design, it
> lacks the ability to read back individual files, seemingly making it an
> "everything or nothing" solution. This is because of how Duplicity
> works, by compressing and GPG encrypting blocks of files all at once.
> This isn't an acceptable solution to me, as I want full control over
> each individual file, even if it means decrypting Tar archives just to
> gain access to one .txt file.
>
> _*TrueCrypt*_
This just came up in my feeds today, and I thought I would share it...it
might clear a few things up about Déjà Dup:
http://www.jaddog.org/2012/07/12/deja-dup-to-the-rescue-restoring-less-than-a-full-backup/

I've just tried it, and the integration with nautilus is seamless, even
with gpg encrypted archives. I went into a directory that is in my
backup list, right clicked and clicked 'Restore Missing Files...'.
You can also right click on a file and select 'Revert to Previous
Version' and it will give you a drop down list of dates that it has
previous versions for.

It might be my lack of imagination, but I think that covers most bases! :)

--
Gerard Ryan :: ger...@ryan.lt :: http://blog.grdryn.me :: @grdryn