rsyncrypto is basically rsync plus encryption. It's not feature-complete I guess, but it works for me. The Ubuntu package sources have a binary package, but compiling it isn't hard at all. The man page has most of what you need, so here I'll just write a simple outline.
Suppose your data source folder is ~/src, the sync destination is ~/dst (this could be a mounted NFS or SMB share), and the rsyncrypto working directory is ~/rr.
First of all, create backup keys:
openssl req -nodes -newkey rsa:1536 -x509 \
    -keyout ~/rr/backup.key -out ~/rr/backup.crt
Then the actual sync command is:
rsyncrypto --ne-nesting=2 --trim=3 -n ~/rr/map \
    -cvr ~/src/ ~/dst/ ~/rr/keys ~/rr/backup.crt
This command encrypts file names and the folder structure, so folder modification times will not be preserved and empty folders will be lost. The parameter --trim depends on your folder location. --ne-nesting depends on the number of files you will have in the future. In general, you may want fewer than 1024 files per folder, so you need 1024*16^n > total number of files, where n is the --ne-nesting value; --ne-nesting=2 is enough for 200,000 files.
After this encrypted sync, suppose you lose everything except the files in ~/dst/: you will then need backup.key to cold decrypt all files. So be sure to keep backup.key in another place, preferably at another physical location.
You can put the above command into crontab if -v is removed. Also, syncing files you do not own might result in errors, and these may be hard to debug because rsyncrypto does not have very friendly error messages. In that case you may try to fix the file permission problem, or you may run the command as root.
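A preflight check for the cron job, as an added example that is not part of the original post or of rsyncrypto: it applies the 1024*16^n sizing rule to the current file count and checks that backup.key, which `openssl -nodes` writes unencrypted, is not inside the synced folders and is not readable by other users. The function names, the growth factor of 4, the use of absolute paths and GNU find are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks before the cron-driven sync.
# Usage (the page's layout, absolute paths): preflight.sh ~/src ~/dst ~/rr/backup.key

# Smallest n such that 1024 * 16^n > file count (the page's sizing rule).
min_nesting() {
    n=0 cap=1024
    while [ "$cap" -le "$1" ]; do
        cap=$((cap * 16)); n=$((n + 1))
    done
    echo "$n"
}

# Succeeds when path $1 is directory $2 itself or lies inside it.
is_under() {
    case "${1%/}/" in "${2%/}"/*) return 0 ;; esac
    return 1
}

# Prints one line per problem with the private key; fails if any were found.
check_key() {  # check_key KEY SRC DST
    bad=0
    [ -e "$1" ] || return 0   # key not stored on this host: nothing to check
    for dir in "$2" "$3"; do
        if is_under "$1" "$dir"; then
            echo "private key is inside $dir"; bad=1
        fi
    done
    # -nodes leaves the key unencrypted, so the file mode is its only protection.
    # "-perm /077" (any group/other bit set) is GNU find syntax.
    if [ -n "$(find "$1" -perm /077)" ]; then
        echo "private key is accessible to group or others"; bad=1
    fi
    return "$bad"
}

if [ "$#" -eq 3 ]; then
    check_key "$3" "$1" "$2" || exit 1
    files=$(find "$1" -type f | wc -l)
    # The page sizes for future files; the factor 4 is an assumed growth margin.
    echo "suggested: --ne-nesting=$(min_nesting $((files * 4)))"
fi
```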
If you want a parameter similar to --delete in rsync, the corresponding parameter in rsyncrypto is --delete-keys. The parameter --delete alone in rsyncrypto does not remove the filename mapping in ~/rr/map.
Suppose you want to cold decrypt to the folder ~/rec/. First you need to decrypt the filename mapping:
rsyncrypto -d ~/dst/filemap ~/rec/filemap \
    ~/rec/filemap-keys ~/rr/backup.key
The above command generates ~/rec/filemap, so then you can decrypt all files:
rsyncrypto --trim=3 -n ~/rec/filemap \
    -vrd ~/dst ~/rec/files ~/rec/keys ~/rr/backup.key