Johan Ström wrote:
My main problem with existing solutions is this "gap" of encryption on
the backup server side. I dont want it to be readable outside of my box
(without encryption keys ofcourse), so as soon as I send it of from my
box I want it to be encrypted over the link, and down on the disk. Not
decrypted on the remote box, to then be encrypted again (with keys
available on that box) and then stored to disk. That would allow any
users of that box (yes sure you can have file permissions but lets
assume someone else have root access there) to read my files.
Simple Example:
I create regular tarball (gziped maybee) with some files i want to
backup, Then i encrypt this file with ie gpg. Then i send of this file
using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk..
The downside is that it is a static file.. not a "dynamic filesystem",
nothing I can mount and have easy access to individual files from.
*Thats* what I'm looking for.
As a long-time user of Amanda and regular lurker on their mailing list,
I've noticed that latest versions of Amanda have encryption capabilities.
They seem to fit your needs in that encryption can be performed entirely
on the backup client ("your box") side if one opts to set things up that way.
I haven't used encryption with Amanda myself so this is just what I've
heard on the list and read from the wiki just now:
http://wiki.zmanda.com/index.php/How_To:Set_up_data_encryption
As for the ease of restore, it's not quite *that* easy, i.e. you can't
just transparently mount the backup as a filesystem and copy files from
there. Amanda has a command-line-ftp-like recovery interface, where you
can specify which files/subdirectories and from which date you want
recovered. It's been easy enough for me.
--
Toomas Aas
... Boy, that lightning came a little clo-********!!*******NO CARRIER
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
