Hi all,

I recently came across a possible requirement of backing up certain files on a remote server ... in an encrypted format. This got me seriously thinking about the possibility of doing such a thing with rsync. I am not too knowledgeable about encryption and the mechanisms of the rsync algorithm (at least as yet :), but I would like to know whether this is attainable or 'far fetched' so to speak.

In other words, the requirement would be that rsync encrypts the data in transmission (like is done with ssh), but the data is stored on the receiver still encrypted. The reverse (i.e. decryption with private key) would be done only when the client is retrieving the data from the server.

The idea is that data stored on the remote server would be unreadable to the people on that side, but can be decrypted when rsyncing back to the local server in case of data loss.

I have a medium to good knowledge of C, but before delving into understanding the rsync source, I wanted to hear any opinions on how possible, if at all, this is...

Julian
Julian Pace Ross wrote...
> The idea is that data stored on the remote server would be unreadable to the
> people on that side, but can be decrypted when rsyncing back to the local
> server in case of data loss.

In that case encryption will have to take place before transmission anyway. Else you do rely on an uncorrupted rsync on the remote side.

My solution for that problem is outside of rsync. I am using an encrypted filesystem where encryption takes place on the local side and the actual storage is accessed via the network. rsync itself is a local (file only) operation then.

The "network block device" in Linux would be a nice thing for that but it lacks a lot of features to make it usable (according bug reports are on my todo list). So currently my solution is really ugly: The remote side exports (via nfs) a directory with a single huge file. The directory is mounted, then that image using loopback and encryption. This works but results in poor performance as caching is virtually disabled.

Christoph
In order for the rsync algorithm to work, both sides have to be looking at data in the same format (i.e. both either process encrypted data or unencrypted data). If you want a true public key/private key system, then the only way to do it is to encrypt and decrypt on the client side. That creates two problems:

- The client has to encrypt the file it wants to send completely, prior to talking to the daemon, regardless of file size (which creates a scalability issue).
- Calculating the binary change of encrypted files creates an issue. If I have two separate versions of the same file, their encrypted counterparts will be identical at the binary level until the first change in one versus the other. That means that if you modify the beginning of a file (just change the first bit), the two files will be completely different.

There is another option that we have implemented in a backup scenario. If you're interested, please email me directly.

Alex

________________________________
From: rsync-bounces+rsync=kolosy.com@lists.samba.org [mailto:rsync-bounces+rsync=kolosy.com@lists.samba.org] On Behalf Of Julian Pace Ross
Sent: Sunday, April 16, 2006 12:44 PM
To: rsync@lists.samba.org
Subject: Encryption

Hi all,

I recently came across a possible requirement of backing up certain files on a remote server ... in an encrypted format. This got me seriously thinking about the possibility of doing such a thing with rsync. I am not too knowledgeable about encryption and the mechanisms of the rsync algorithm (at least as yet :), but I would like to know whether this is attainable or 'far fetched' so to speak.

In other words, the requirement would be that rsync encrypts the data in transmission (like is done with ssh), but the data is stored on the receiver still encrypted. The reverse (i.e. decryption with private key) would be done only when the client is retrieving the data from the server.

The idea is that data stored on the remote server would be unreadable to the people on that side, but can be decrypted when rsyncing back to the local server in case of data loss.

I have a medium to good knowledge of C, but before delving into understanding the rsync source, I wanted to hear any opinions on how possible, if at all, this is...

Julian
Hello,

Take a look at Rsyncrypto, rsync friendly file encryption:
http://sourceforge.net/projects/rsyncrypto

The file is encrypted before it is rsynced.

Regards,
Milutin Voinivich
http://www.nasbackup.com/

Julian Pace Ross wrote:
> Hi all,
>
> I recently came across a possible requirement of backing up
> certain files on a remote server ... in an encrypted format.
> This got me seriously thinking about the possibility of doing such a
> thing with rsync.
> I am not too knowledgeable about encryption and the mechanisms of the
> rsync algorithm (at least as yet :), but I would like to know whether
> this is attainable or 'far fetched' so to speak.
> In other words, the requirement would be that rsync encrypts the data
> in transmission (like is done with ssh), but the data is stored on the
> receiver still encrypted.
> The reverse (i.e. decryption with private key) would be done only when
> the client is retrieving the data from the server.
> The idea is that data stored on the remote server would be unreadable
> to the people on that side, but can be decrypted when rsyncing back to
> the local server in case of data loss.
> I have a medium to good knowledge of C, but before delving into
> understanding the rsync source, I wanted to hear any opinions on how
> possible, if at all, this is...
>
> Julian
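
An added example, not part of any post in this thread, that measures the effect described in Alex's reply and the idea behind the "rsync friendly" encryption mentioned in Milutin's: how many ciphertext blocks of a modified file a delta transfer could reuse. It assumes a toy CFB-style chained cipher built from HMAC-SHA256 with a fixed key and IV, and a simplified per-block restart rule; the restart rule illustrates the general idea only and is not Rsyncrypto's actual algorithm.

```python
import hashlib
import hmac

BLOCK = 16                      # bytes per cipher block
KEY = b"constructed demo key"   # constructed sample key
IV = bytes(BLOCK)               # fixed IV, so both file versions start identically


def prf(prev):
    """Keyed PRF standing in for a block cipher (toy, not production crypto)."""
    return hmac.new(KEY, prev, hashlib.sha256).digest()[:BLOCK]


def encrypt(plain, reset=False):
    """CFB-style chaining: C_i = P_i XOR prf(C_{i-1}); returns the block list."""
    out, prev = [], IV
    for i in range(0, len(plain), BLOCK):
        p = plain[i:i + BLOCK]
        c = bytes(a ^ b for a, b in zip(p, prf(prev)))
        out.append(c)
        # Assumed restart rule: restart the chain after a plaintext block whose byte sum is a multiple of 64.
        prev = IV if reset and sum(p) % 64 == 0 else c
    return out


def sample_file(size=64 * 1024):
    """Constructed sample data: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32))


def flip_byte(data, index):
    """Return a copy of data with the lowest bit of one byte flipped."""
    changed = bytearray(data)
    changed[index] ^= 0x01
    return bytes(changed)


def reusable_blocks(old, new, reset=False):
    """Count ciphertext blocks of `new` already present in the ciphertext of `old`."""
    known = set(encrypt(old, reset))
    return sum(c in known for c in encrypt(new, reset))


if __name__ == "__main__":
    v1 = sample_file()
    print("total blocks:               ", len(v1) // BLOCK)
    print("edit at end, plain chaining:", reusable_blocks(v1, flip_byte(v1, -1)))
    print("edit at start, plain chain: ", reusable_blocks(v1, flip_byte(v1, 0)))
    print("edit at start, with resets: ", reusable_blocks(v1, flip_byte(v1, 0), reset=True))
```

The restart variant buys transfer efficiency at a cost in confidentiality: anyone who can compare successive ciphertexts on the remote side learns which region of the file changed.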