[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: backup utilities: boxbackup?
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: backup utilities: boxbackup?
- From: Hannah Schroeter <hannah_(_at_)_schlund_(_dot_)_de>
- Date: Thu, 27 Oct 2005 17:01:12 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
- Organization: Schlund + Partner AG
On Thu, Oct 27, 2005 at 09:46:25AM -0500, dick_(_at_)_uchicago_(_dot_)_edu wrote:
>i'm currently using bzip2-ed dumps to backup my machines and i
>wonder if there is a better way to do it. by better i mean
>more secure and more automated than adding cron jobs.
>i am interested in encrypted backups, as i would prefer to
>have non-hijackable backups. i did see
>http://www.fluffy.co.uk/boxbackup/ and a couple posts about it
>here on misc_(_at_)__(_dot_)_
>can anybody vouch for the stability/reliability of this backup
>solution (besides the dev, ;) )?
I have a simpler backup encryption scheme running. On the box itself,
I have a file /etc/(subdir)/crypt_key, containing a hexadecimal string,
representing 512 bytes of random stuff (probably overkill but so then).
Then I have a small script .../backup_encrypt that looks like this:
exec /usr/sbin/openssl enc -aes-256-cfb -in /dev/stdin -out /dev/stdout \
-k `cat /etc/(subdir)/crypt_key`
And then, I pipe the gzip output (in my case I don't want that big CPU
hog named bzip2, and gzip is in base, while bzip2 isn't) into that
I have a separate backup of /etc/(subdir)/crypt_key and a few scripts
(e.g. the backup_decrypt counterpart [just add -d after "enc" in the
openssl invocation]) in a few places that are secure enough for me.