We want to keep a backup or a mirror of your files in a server we don't fully trust. You can have an encrypted FS on a file, and copy the complete FS to the untrusted server, but it is inefficient, and you get no granularity at all. In our case, the remote server runs amanda, and we want to use amanda's power to restore files selectively -- yet don't give away our privacy. (We are, in fact, the administrators, not the end users, and we are trying to offer good quality backups with good privacy). Rsync seems to come quite close -- so close that I am tempted to write a shell script. The implementation I am thinking of is quite inelegant: keep a "shadow" copy of the source files (encrypted using pgp), rsync the shadow directory and the destination. Are there ways to hook into rsync and preprocess the file before it is checksummed and sent over? Are there other alternatives? (hopefully more elegant than maintaining a shadow copy of all the files!). There's an "GPG and Rsync" thread describing almost exactly what we want <http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=adkpb7%242t6v%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUTF-8%26q%3Drsync%2Bencrypted%26spell%3D1> And also rsync-backup seems to be almost there -- but things seem to be happening at the server end. http://www.stearns.org/rsync-backup/ cheers, martin
Yet another thread on the matter <http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=9q27k2%24rh%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1&prev=/groups%3Fq%3Drsync%2Bencrypt%26hl%3Den%26lr%3D%26ie%3DUTF-8%26selm%3D9q27k2%2524rh%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D1>
addady@active.co.il
2003-Jun-26 19:38 UTC
plain source -> encrypted destination: rsync + gpg
Hi, It seems that the --dest-filter patch of Kyle Jones can help you. Here is a link http://groups.google.com/groups?q=%22--dest-filter%22+group:mailing.unix.rsy nc+group:mailing.unix.rsync&hl=en&lr=&ie=UTF-8&group=mailing.unix.rsync&selm =b6f55s%24256q%241%40FreeBSD.csie.NCTU.edu.tw&rnum=1 Addady ----- Original Message ----- From: "Martin Langhoff" <ml@nzl.com.ar> To: <rsync@lists.samba.org> Sent: Thursday, June 26, 2003 8:38 AM Subject: plain source -> encrypted destination: rsync + gpg> We want to keep a backup or a mirror of your files in a server we don't > fully trust. You can have an encrypted FS on a file, and copy the > complete FS to the untrusted server, but it is inefficient, and you get > no granularity at all. > > In our case, the remote server runs amanda, and we want to use amanda's > power to restore files selectively -- yet don't give away our privacy. > (We are, in fact, the administrators, not the end users, and we are > trying to offer good quality backups with good privacy). > > Rsync seems to come quite close -- so close that I am tempted to write a > shell script. The implementation I am thinking of is quite inelegant: > keep a "shadow" copy of the source files (encrypted using pgp), rsync > the shadow directory and the destination. > > Are there ways to hook into rsync and preprocess the file before it is > checksummed and sent over? Are there other alternatives? (hopefully > more elegant than maintaining a shadow copy of all the files!). > > There's an "GPG and Rsync" thread describing almost exactly what we want ><http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=adkpb7%242t6v%24 1%40FreeBSD.csie.NCTU.edu.tw&rnum=1&prev=/groups%3Fhl%3Den%26lr%3D%26ie%3DUT F-8%26q%3Drsync%2Bencrypted%26spell%3D1>> > And also rsync-backup seems to be almost there -- but things seem to be > happening at the server end. > http://www.stearns.org/rsync-backup/ > > cheers, > > > > > martin > > -- > To unsubscribe or change options:http://lists.samba.org/mailman/listinfo/rsync> Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html >