Create host-proof encrypted incremental backups from standard Unix command line utilities
kzimmermann 33fb83c444 Created a separate file to hold the configurations | 8 gadi atpakaļ | |
---|---|---|
LICENSE | 9 gadi atpakaļ | |
README.md | 8 gadi atpakaļ | |
backup.sh | 8 gadi atpakaļ | |
backuprc | 8 gadi atpakaļ |
Create encrypted incremental backups using standard commonly-available Unix command line utilities using this script.
By making use of strong asymmetric encryption (PGP), the backup files produced could be subsequently hosted into any online hosting service without the risk of having your data read by unintended people: they would be host-proof. You could even use Google Drive!
This script uses gpg
and common Unix archiving mechanisms to do the work. tar
is the default archiver used for now, but eventually it will be possible to change it to your favorite format provided you have it installed in your machine. Make sure you've got gpg
set up and have at least one strong pair of keys available to start working!
First, copy the file backuprc
to your home directory under the name of .backuprc
:
cp backuprc ~/.backuprc
Edit this file and change the following line to acommodate your key id (usually the email address associated to your private key). This will be the public key used to encrypt the backup, and also the associated private key with which you will recover the content later.
recipient="someone@example.com" # change it accordingly!
Now you're all set to start creating backups! Currently, only backups of a single folder work, so get one folder full of important files and run:
backup.sh --encrypt folder/
If you will back up a single folder only and would like to sign the file as well to ensure integrity, add the --sign
option to it. Because you'll use your private key to sign, you will be prompted for your password.
backup.sh --sign --encrypt folder/
Your new encrypted backup will be available as folderYYYYMMDD.tar.gz.gpg
, where YYYYMMDD
is today's date (for a simple form of versioning). Put it somewhere safe!
Suppose you would like to recover your backup. Fetch your encrypted archive from your hideout and run:
backup.sh --decrypt folderYYYYMMDD.tar.gz.gpg
As you will be dealing with your private key again, you'll be prompted your password. After decryption is done, the file is unzipped, resulting in your original folder
directory getting back to you.
As usual, this is highly experimental software, and the warnings from the GPL apply very especially here:
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
A few tips to make these backups more reliable and sturdy:
Also, just to make it clear: I am not an IT security professional. I'm a hacker who likes shell scripting. This program has not been audited from a security standpoint, and I do not guarantee it's complete safety.
Here's what's coming up for the future releases:
The authors of gpg
and tar
and everything Unix deserve all my respect for their brilliance and effort.
backup.sh
is written by Klaus Zimmermann
See the LICENSE file for more information on how can you use this program.