"Miguel Angel Rodriguez" [hidden email]
wrote the following on Sun, 29 Jan 2006 10:55:33 +0100
I woul'd store my remote backup encrypted. What can I do ?
If you're just worried about encrypted storing, I guess you could put
your rdiff-backup repository on an encrypted filesystem.
This is good for if your server physically gets stolen (which if you
have it in a colo, is a *very* rare chance), but otherwise pretty
pointless for a good backup solution.
If you want to make sure the server never sees your unencrypted data,
you could use programs specifically written for that, like duplicity
(which I wrote, and still use), hdup, etc.
Up until now, I didn't know you wrote Duplicity (very nice product,
except for it's age). For people that wanted secure backups, I used
box-backup, but it's extremely cumbersome to restore, so frankly, I
don't like it that much.
Duplicity would be the ultimate backup solution, except that the last
release was in August of 2003, and wasn't even stable. I did notice
that it did implement some of the rdiff code to get deltas on
A suggestion from someone who desperately wants the security of
box-backup, Duplicity, etc. with the functionality of rdiff-backup,
would there be a way to implement Duplicity code into rdiff-backup to
give the option of storing encrypted?
>>>>> Mike Bydalek <[hidden email]>
>>>>> wrote the following on Mon, 30 Jan 2006 08:26:35 -0700
> A suggestion from someone who desperately wants the security of
> box-backup, Duplicity, etc. with the functionality of rdiff-backup,
> would there be a way to implement Duplicity code into rdiff-backup to
> give the option of storing encrypted?
No, not really to my knowledge. The reverse-diff scheme can work
because the repository side has both the new and old data, and can
compute a new->old diff. duplicity assumes that the repository is
totally untrusted, so it has neither data in useable form. The source
side only has the new data and signatures of the old data, so it can
only compute an old->new diff.
There may be some way around this but it would probably be easier just
to keep duplicity up to date.