The Poor Boy Secure Backup System
|
With the wide diffusion of digital cameras, mp3 players and all the other addicting gadgets we couldn't live without anymore, we're always more often facing problems like: "How can I safely store the 1230 photos of my last holyday so that even if my house blew up I could retrieve them anyway?". Today we have plenty of online backup system to achieve this. We will use Gmail. But solved this, a second problem arises:"How can I keep my data sufficiently secure online?". At least one of the obvious answers is: encryption. We will use OpenSSL for this.
Important: I assume Linux as OS, but all the used products can be used under other OSs too.
Let's do everything step by step. Imagine you need to backup a full directory of images, whose name is "image". Open a shell and tar it, something like this:
tar cvf image.tar image
Usually you'd better also compress the tar file, but usually images taken from digital cameras are already compressed. At this point we have a single big file. It's now time to encrypt it. We can use the password protected AES algorithm. Just issue the following line:
openssl enc -aes-256-cbc -salt -in image.tar -out image.tar.enc
You'll be asked to input and then confirm a password, and your encrypted 'backupable' file is ready.
As written before, we're going to use gmail for our backup. Here we have several possibilities, for instance we could use GmailFS which lets you mount a Gmail account as a virtual filesystem (it is built on top of FUSE).
Another, in some cases simpler, solution could be to use GSpace, a Firefox extension that lets us use our gmail space as an ftp remote repository. You can create directories, upload and download files from your gmail account, using an easy and functional graphical user interface.
This is basically all you need to build a simple and basic secure backup system. Last thing missing is the openssl command to decrypt your file. Here it is:
openssl enc -d -aes-256-cbc -in image.tar.enc > image.tar
You should obviously input the correct password to get your data back decrypted.
That's all for now, folks.
|