tarbackup icon indicating copy to clipboard operation
tarbackup copied to clipboard
verified publisher icon nanch

provide a simple script to allow people to tar/encrypt/backup their important directories

Open nanch opened this issue 13 years ago • 6 comments

nanch avatar Oct 03 '12 07:10 nanch

Precursor Q: Are you going with disk encryption?

kyle0r avatar Oct 03 '12 09:10 kyle0r

Firstly, thank you for your support and participation with this project so far kyle0r! You make this project a lot more fun, so thank you! :)

Given that users are encrypting their file before uploading, I haven't heard a motivating case for disk encryption.

nanch avatar Oct 03 '12 19:10 nanch

All good, interesting project to input on :) Its the kinda thing I'd do if I had the time/hardware/etc. So its nice to give input on something I can't do myself but might be able to help other with, perhaps selfish and unselfish at the same time ?! :)

On the disk crypt stuff, I understand, I guess it would be nice to say "your stuff encrypted" on our end, which adds a physical layer of security, should the server physically be lifted for some reason. In the physical breach worst case, this would protect users where their choice was none or partial crypting of their stuff prior/during upload.

I'd still encourage/provide the facility for people to self-crypt their stuff too, to avoid issues of the server is breached while online. Ideally this will be done with a crypt key that on the user has/knows.

Additional thought, you could run a sweep on uploads mime types on an interval, and advise if you detect non-crypted files. Perhaps even educating users that non-crypted files are auto-removed after X hours to avoid the risk to peoples data?

I've been thinking how one could hook uploads and encrypt them on the users behalf, but I've not thought of a way to do that without a shared key, the obvious disadvantage with shared keys is who has access to decrypt the data, its a weaker approach imho.

Perhaps a clever client side script is the best approach, you could even code things so only the script, or something that meets the scripts minimum security spec could actually upload. i.e. purge insecure uploads or such. It would probably be fairly easy to add a signature to things uploaded via the script, so you could check uploads for 1) encryption and 2) the uploader script signature, to be able to say "this file was safely uploaded".

Thinking out loud, I guess the upload script, when used the first time, would prompt the user to set up their encryption and security settings, etc.

That was a bit of brain dump, hope it helps some

kyle0r avatar Oct 03 '12 21:10 kyle0r

you could run a sweep on uploads ... and advise if you detect non-crypted files. Perhaps even educating users that non-crypted files are ... [a] risk to peoples data"

Interesting idea!

... the obvious disadvantage with shared keys ...

yeah, I'd like to stick with guaranteed data privacy

those are good ideas with the script walking through the encryption and stuff, I'll rough something out!

nanch avatar Oct 04 '12 02:10 nanch

Somebody has contributed a beginning to this at http://wiki.tarbackup.com/index.php?title=Main_Page#Script_All_the_Things

nanch avatar Oct 15 '12 08:10 nanch

A sample 'backup script' written in python

http://piqd.com/api?g=02ACDB2B-D13D-45D3-A8DD-EC6ABACC2F2E

since it uses the curl interface for uploads, it only supports 200MB backups, but it can be updated to support sftp like the Script_All_the_Things script does

example usage is:

# python backup.py username password /path/to/directory/to/backup/

nanch avatar Nov 09 '12 12:11 nanch