Weblog entry #3 for gpall
See all weblog entries made by gpall.
#3
Secure backups of your system using tar and gpg!
Posted by gpall on Sun 17 Feb 2008 at 20:54
OK, I am paranoid.
The question is: what's the point of having your computer with a full encrypted disk, if the external usb disk next to your computer, is where you store the tar.bz2 backups of your computer?
No point, exactly! That's why I needed a way to keep the backups on the usb disk securely stored.
No need to say much: This is the only way!
# cd /media/my_external_usb_disk/
# tar cpSj --exclude=/tmp --exclude=/proc --exclude=/lost+found --exclude=/dev --exclude=/mnt --exclude=/media --exclude=/sys / | gpg -z 0 -e -r youruserID | tee sysbackup.tbg | md5sum > sysbackup.tbg.md5
This creates without intermediate temporary files, two outputs:
sysbackup.tbg which contains your encrypted backup, and sysbackup.tbg.md5 which contains the md5 hash of sysbackup.tbg
If your need selective restoring, just use:
# gpg -d /media/my_external_usb_disk/sysbackup.tbg | tar xvj etc/X11/xorg.conf
in order to restore for example the /etc/X11/xorg.conf file... so easy!
The question is: what's the point of having your computer with a full encrypted disk, if the external usb disk next to your computer, is where you store the tar.bz2 backups of your computer?
No point, exactly! That's why I needed a way to keep the backups on the usb disk securely stored.
No need to say much: This is the only way!
# cd /media/my_external_usb_disk/
# tar cpSj --exclude=/tmp --exclude=/proc --exclude=/lost+found --exclude=/dev --exclude=/mnt --exclude=/media --exclude=/sys / | gpg -z 0 -e -r youruserID | tee sysbackup.tbg | md5sum > sysbackup.tbg.md5
This creates without intermediate temporary files, two outputs:
sysbackup.tbg which contains your encrypted backup, and sysbackup.tbg.md5 which contains the md5 hash of sysbackup.tbg
If your need selective restoring, just use:
# gpg -d /media/my_external_usb_disk/sysbackup.tbg | tar xvj etc/X11/xorg.conf
in order to restore for example the /etc/X11/xorg.conf file... so easy!
Comments on this Entry
Posted by Anonymous (134.157.xx.xx) on Thu 13 Mar 2008 at 15:59
have also a look at duplicity:
Description: encrypted bandwidth-efficient backup
Duplicity backs directories by producing encrypted tar-format volumes
and uploading them to a remote or local file server. Because duplicity
uses librsync, the incremental archives are space efficient and only
record the parts of files that have changed since the last backup.
Because duplicity uses GnuPG to encrypt and/or sign these archives, they
will be safe from spying and/or modification by the server.
Description: encrypted bandwidth-efficient backup
Duplicity backs directories by producing encrypted tar-format volumes
and uploading them to a remote or local file server. Because duplicity
uses librsync, the incremental archives are space efficient and only
record the parts of files that have changed since the last backup.
Because duplicity uses GnuPG to encrypt and/or sign these archives, they
will be safe from spying and/or modification by the server.
[ Parent | Reply to this comment ]