Backup/Recovery - Encrypt Offsite Backups Using Ccrypt

Categories:
·GNU/Linux
·Homebrew designs
·Perl
·Administration
·Backup/Recovery
·Bugs/Fixes
·Certification
·Database
·Email
·File/Print
·Hardware
·Information Grab Bag
·Interoperability
·GNU/Linux ABCs
·Monitoring
·Name Resolution
·Network Services
·Networking
·Remote Control
·Security
·Desktop
·Web
·BSD
·Solaris
·GIAGD
·REALbasic
·All Categories

Encrypt Offsite Backups Using Ccrypt
Topic: Backup/Recovery Posted:2005-11-05
Printer Friendly:

One application for encryption is shipping off backups to an external site. There are many inexpensive hosting facilities out there that will give you plenty of bandwidth and decent storage. True, there are companies that provide complete solutions; however, the cost for the transfer is much more. Even if you use password protected backups provided by your backup software, or use encryption, it may not provide enough security. Further, the performance degradation from using the backup software encryption might be too much for your backup window. In this article we will show you how to encrypt a file in an automated fashion, so that the file can be shipped off to an external site. The file can then be decrypted using a passphrase. One flaw in this scheme is that the passphrase is in a file. Since the data we are protecting is on the same machine anyway, this isn't a big deal. We simply don't ship off the file that contains the passphrase. Just don't use a passphrase that you use for anything else. You could also use this to encrypt a backup before putting it on tape, just in case the tape gets lost or mis-shipped. We used ccrypt for this, because it is open source, recently maintained, and has the options we wanted for automation. As an example, let's create a passphrase file to hold our passphrase in, encrypt a file, and then decrypt it:

srv-5:~/ccrypt usr4$ echo thisisthepassword > passphrase.txt
srv-5:~/ccrypt usr4$ cat passphrase.txt
thisisthepassword
srv-5:~/ccrypt usr4$ echo you have discovered the secret message > message.txt
srv-5:~/ccrypt usr4$ cat message.txt
you have discovered the secret message
srv-5:~/ccrypt usr4$ ccrypt -k passphrase.txt message.txt
srv-5:~/ccrypt usr4$ ls message*
message.txt.cpt
srv-5:~/ccrypt usr4$ cat message.txt.cpt
q�?C?w??NB??d9i~U?????YDu?P?p?-BO+HC;�t??J???(?}?8?O6??9%W
srv-5:~/ccrypt usr4$ 
srv-5:~/ccrypt usr4$ ccdecrypt -k passphrase.txt message.txt.cpt
srv-5:~/ccrypt usr4$ ls message*
message.txt
srv-5:~/ccrypt usr4$ cat message.txt
you have discovered the secret message

Let's encrypt the file, but enter a passphrase at the keyboard instead:

srv-5:~/ccrypt usr4$ 
srv-5:~/ccrypt usr4$ ls message*
message.txt
srv-5:~/ccrypt usr4$ ccrypt -k passphrase.txt message.txt
srv-5:~/ccrypt usr4$ ls message*
message.txt.cpt
srv-5:~/ccrypt usr4$ ccdecrypt message.txt.cpt
Enter decryption key: 
srv-5:~/ccrypt usr4$ ls message*
message.txt
srv-5:~/ccrypt usr4$ cat message.txt
you have discovered the secret message
srv-5:~/ccrypt usr4$

As you can see, all of this can be automated without the passphrase showing up in the process list of the machine.

Please read our Terms of Use
Microsoft, Windows, Windows XP, Windows 2003, Windows 2000, and NT are either trademarks or registered trademarks of Microsoft Corporation. NetAdminTools.com is not affiliated with Microsoft Corporation. Linux is a registered trademark of Linus Torvalds, and refers to the Linux kernel. The operating system of most distributions that contain the Linux kernel is GNU/Linux. All logos and trademarks in this site are property of their respective owner. Copyright 1997-2008 NetAdminTools.com