[NMLUG] Encrypting backups (RQ24-1)

Subject: [NMLUG] Encrypting backups (RQ24-1)
From: _sarang_ at sarangworld.com (Sarang)
Date: Wed Jun 30 19:07:27 2004
In-reply-to: <20040628201308.A5974@www.bohnsack.com>

Matt (and Wesley), thank you! I hadn't considered symmetric encryption
until I read your replies.

One minor glitch: "gpg -c" requires interaction, so I have to be there
when the backup runs, which means I can't do middle-of-the-night or
automated backups (I wrote a backup program that "recursively" fills a CD,
but it has to run "tar --bzip ... | gpg ..." multiple times). Is there any
way around this? (I'm guessing not).

With public-key encryption, I realize I'd have to type in my passphrase
each time when restoring from a backup, but I'm ok w/ that (besides,
everyone knows backups are write-only anyway, right? <G>)

--
Sincerely, Sarang (sarang@sarangworld.com)
AOL Instant Messenger ID: JavaMath
Backup Email: saranghome@softhome.net
<html><img src='http://noproxy.sarangworld.com/EXP/rr.php?20040630.131143'></html>

On Mon, 28 Jun 2004, Matthew Bohnsack wrote:

> Date: Mon, 28 Jun 2004 20:13:08 -0600
> From: Matthew Bohnsack <bohnsack@bohnsack.com>
> Reply-To: New Mexico Linux Users Group Mail List <nmlug@nmlug.org>
> To: New Mexico Linux Users Group Mail List <nmlug@nmlug.org>
> Subject: Re: [NMLUG] Encrypting backups (RQ24-1)
>
> * Sarang <_sarang_@sarangworld.com> [Jun 28, 2004 at 07:40:41PM MDT]:
> > I want to encrypt my backups (using GPG), but don't want to run into the
> > silly situation where my hard drive crashes and I lose the secret key to
> > decrypt my backups of the hard drive!
> ...
> > Of course, I realize I'll need my passphrase as well, but I plan to
> > store that in /dev/sarang/brain (low-memory, high-seek-time device I
> > had installed some time ago).
>
> Sarang,
>
> Why do you need public key crypto for a backup that I'll presume only
> you will access?  Public key crypto is for encrypting and then
> decrypting bits in a transaction between different parties that don't
> have a secure channel for a shared key.  This doesn't sound like what
> you want.  Instead, I guess you really only need "conventional
> cryptography".  With conventional crypto, you can always recover your
> data with single pass phrase (secret key), which you've already committed
> to storing in /dev/sarang/brain.
>
> The first hit on google for encrypting a file with PGP:
> http://www.google.com/search?hl=en&ie=UTF-8&q=encrypting+a+file+with+PGP&btnG=Google+Search
> yields just what I assume you're looking for:
> https://engineering.purdue.edu/ECN/Resources/KnowledgeBase/Docs/20020202101955
>
> In summary:
>
> You can still use GPG for conventional crypto, just give it a "-c".
>
> -Matt
> --
> Matt Bohnsack  <bohnsack@bohnsack.com>
> http://bohnsack.com/
> Albuquerque New Mexico, - USA
> _______________________________________________
> NMLUG mailing list
> NMLUG@nmlug.org
> http://www.nmlug.org/mailman/listinfo/nmlug
>

References:
- [NMLUG] Encrypting backups (RQ24-1)
  - From: bohnsack at bohnsack.com (Matthew Bohnsack)

Prev by Date: [NMLUG] Coming back to NM
Index(es):
- Chronological
- Thread

Please send sugestions and comments to webmaster@nmlug.org.