Encrypting Backups

[Albert]

Am Montag, 29. März 2004 15:29 schrieb nobrain:
> I routinely generate backups as follows:
>
>   tar -c F | gpg --symmetric > E

I use this:

tar -cvf "$backup" "$backupdir"
						
echo "$mantra" | gpg --quiet --no-tty --pgp8 --batch --passphrase-fd 
0 --charset iso-8859-15 --force-mdc --no-secmem-warning --symmetric 
--output "$backup".gpg "backup"

I am not sure, if it is a good idea to do everything in 1 pipe. 
Maybe the compression, which is important for encrypting, works 
better, if you do it than I do.

>   Should I be encrypting only the files that need
>   to be kept secret rather than the whole of F?

I think so. I give every folder a special "sign" at the end, to 
decide, if it should be encrpyted.

>   Should I be using a different passphrase
>   for each backup?

You can create a dynamic password, which you know only. Of course I 
can't tell you what I do, but you can do some calculations with the 
time of a file, or use the md5sum of a certain line of a plain text 
file, a.s.o. Be careful with md5sum/sha1sum, if you like to decrypt 
on a different os.

>   Should I be using assymmetric encryption
>   instead?

It depends on your needs. IMO it is a question of worst case. If you 
loose everything it is easier to access with a passphrase.

Albert