BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)

2010-03-23 17:28:24
Subject: Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-)
From: Gerald Brandt <gbr AT majentis DOT com>
To: "General list for user discussion, questions and support" <backuppc-users AT lists.sourceforge DOT net>
Date: Tue, 23 Mar 2010 16:30:38 -0500 (CDT)

----- "Steve" <leperas AT gmail DOT com> wrote:
> You could show her something like TrueCrypt; if she put all the files
> she was worried about in a TrueCrypt volume(s), it would just be a
> "file" as far as BackupPC is concerned.  This is available for Windows
> and Linux I believe, maybe Mac's too...
> Evets
>
> On Tue, Mar 23, 2010 at 4:00 PM, Max Hetrick <maxhetrick AT verizon DOT net> wrote:
> > Max Hetrick wrote:
> >> It remains in a locked room then, with no mouse or keyboard either, and
> >> the building is alarmed. Once it's online then, online two
> >> administrators, myself and my boss, are able to view the backups threw
> >> BackupPC's web interface.
> >
> > ... through not threw. My typing and thinking skills aren't on par today. :)
> >

We have a user with the same situation... the company owner.  Our solution seemed optimum... until it failed.

My requirements ended up being

1) The encryption  must be on the users computer
2) The encryption must be invisible to the user
3) The backup and restore should work on individual files

1 and 2 were easy.  3 was difficult, and created a derived requirement of:

4) filename must remain known and readable.

That ruled out truecrypt.  If the user wanted a single .doc file restored, I didn't/couldn't restore a 5 GB truecrypt file.

The end result was we installed PGP encryption from http://www.pgp.com/products/index.html which let us encrypt on a directory basis, encrypting file contents while leaving file names intact.

Worked like a charm.  File were de-crypted as the user needed them.  Files backed up with smbclient got the encrypted version.  User wanted to restore a file, he gave us the name, and we restored it.

Then it failed.  Somehow, a file (apparently) became doubly encrypted.  It couldn't be decrypted, the file was toast.  The user found out too late, and a good copy was gone.  One dead spreadsheet.  One unhappy CEO.

He now backs up to an encrypted USB drive.

Gerald
------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-), Gerald Brandt <=
Previous by Date:  Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-), Steve
Next by Date:  Re: [BackupPC-users] pre-backup encryption? user wants files to be inaccessible even to me :-), Richard Shaw
Previous by Thread:  [BackupPC-users] Having Problems Creating Archives, Kris Lou
Next by Thread:  [BackupPC-users] wake up the machine, XP_2600
Indexes:  [Date] [Thread] [Top] [All Lists]