In order for the rsync algorithm to work,
both sides have to be looking at data in the same format (i.e. both either
process encrypted data or unencrypted data). If you want a true public
key/private key system, then the only way to do it is to encrypt and decrypt on
the client side. That creates two problems -
the
client has to encrypt the file it wants to send completely, prior to talking to
the daemon, regardless of file size (which creates a scalability issue) -
Calculating
the binary change of encrypted files creates an issue. If I have two separate versions
of the same file, their encrypted counterparts will be identical at the binary
level until the first change in one verses the other. That means that if you
modify the beginning of a file (just change the first bit), the two files will
be completely different. There is another option that we have
implemented in a backup scenario. If you’re interested, please email me directly. Alex From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Julian Pace Ross Hi all, I recently came across a possible requirement of backing up
certain files on a remote server ... in an encrypted format. This got me seriously thinking about the possibility of doing such a
thing with rsync. I am not too knowledgable about encryption and the mechanisms of the
rsync algorithm (at least as yet :), but I would like to know whether this is
attainable or 'far fetched' so to speak. In other words, the requirement would be that rsync encrypts the data
in transmission (like is done with ssh), but the data is stored on the receiver
still encrypted. The reverse (i.e. decryption with private key) would be done only when
the client is retreiving the data from the server. The idea is that data stored on the remote server would be unreadable
to the people on that side, but can be decrypted when rsyncing back to the
local server in case of data loss. I have a medium to good knowledge of C, but before delving
into understanding the rsync source, I wanted to hear any opinions on
how possible, if at all, this is... Julian |
-- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html