Alexander Zangerl <az@xxxxxxxxxxxxx> writes:
On Fri, 19 Sep 2003 11:24:03 +0200, Christian Jaeger writes:Are there alternatives? tar|gpg|netcat(+md5) is a solid solution but requires full backups each time.
not necessarily: i'm using dump (via amanda), and my /sbin/dump is a 90 line shell script that runs dump's output through gpg.
Yes, this would work with tar, too. However, date-based incremental backups don't work well * for large files with small changes
Yes. Well the nice thing of the nbd/cryptoloop approach would be that I don't necessarily need to keep (possibly quite many) old versions, I can simply overwrite the old backup file. Or keep one version only if I really want to keep them in a "trash", and empty the trash if it gets too big etc.; and I can always directly access the state of the whole filesystem at the time of the last backup without having to restore multiple incremental backups that may be big (i.e. 6GB full backup plus multiple possibly multi-GB incremental archives). And I can pick out any single file directly without having to unencrypt the whole thing too..
* when you can't trust the time stamp (what happens when files or directories are moved? file hierachies untarred?)
(It should probably not only save the modification time, but also size, and (debatable) inode number and inode change time.)
Some sort of "rsync/unison into an encrypted tar archive" would be nice. Any ideas how to achieve this in userland?
There's librsync (and rdiff making use of it).
Christian. - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
