Differences

This shows you the differences between two versions of the page.

--- blog:create_encrypted_tar_files [2010-05-26 10:19] – brb
+++ blog:create_encrypted_tar_files [2010-05-26 10:28] – brb
@@ Line 1: / Line 1: @@
 ====== Create encrypted tar backups and store them on the amazon S3 cloud ======
-Amazon S3 provides unlimited storage at low prices, which makes it an ideal solution for storing backups. But to make use of it, you need a piece of software that can actually interact with Amazon S3: create buckets, list the contents of a bucket, upload and download files, etc. And aws, a simple command-line utility written in Perl, is the perfect tool for the job. You might wonder why not use a GUI-based application like Jungle Disk? For two simple reasons: as a CLI-based tool, aws is light on resources and it can be easily scripted.
+Amazon S3 provides unlimited storage at low prices, which makes it an ideal solution for storing backups. But to make use of it, you need a piece of software that can actually interact with Amazon S3: create buckets, list the contents of a bucket, upload and download files, etc. And aws, a simple command-line utility written in Perl, is the perfect tool for the job.
+===== Perparations =====
 Before you proceed, you should install the curl utility. On Ubuntu, you can do this using the sudo apt-get install curl command. Next, grab the latest version of the aws script:
@@ Line 29: / Line 31: @@
   aws mkdir BUCKET
-Next, create a tarball of the directory you want to back up using the tar tool:
+===== Create and upload the backup file =====
-  tar -pvczf tmp/dir.tar.gz /path/to/dir
+Next, create an encrypted tarball of the directory you want to back up using the tar tool:
+  tar -zcf - todays_backup|openssl enc -aes-256-cbc -salt -pass pass:yourpassword -out todays_backup.tgz.aes-256-cbc
 Finally, upload the created archive to the created bucket:
-aws put BUCKET/dir.tar.gz /path/to/dir.tar.gz
+<code>
+aws put BUCKET/dir.tar.gz /path/to/todays_backup.tgz.aes-256-cbc
+</code>
 The best part is that you don't have to do this manually every time you want to back up a certain directory. Here is a sample script that backs up photos stored on the local hard disk:
-  #!/bin/bash
+<code>
-  cd /home/user/
+tar -zcf – todays_backup|openssl enc -aes-256-cbc -salt -pass pass:yourpassword -out todays_backup.tgz.aes-256-cbc
-  tar -pvczf Photos.tar.gz Photos
+aws put BUCKET/todays_backup.tgz.aes-256-cbc /path/to/todays_backup.tgz.aes-256-cbc
-  aws put BUCKET/Photos.tar.gz Photos.tar.gz
+</code>
+Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.tgz.aes-256-cbc. This file can only be decompressed using this password.
+===== Retrieve and decrypt a backup file =====
+Of course, you have to make sure that you can actually retrieve and decrypt your backup files. Test if this works, preferably with a small file:
-  # tar -zcf – todays_backup|openssl enc -aes-256-cbc -salt -pass pass:yourpassword -out todays_backup.tgz.aes-256-cbc
+Retrieve the file from S3:
+  aws get BUCKET/todays_backup.tgz.aes-256-cbc
-Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.tgz.aes-256-cbc. This file can only be decompressed using this password.
-To extract your protected archive file todays_backup.des3 use the following command:
-  # openssl enc -d -aes-256-cbc -out todays_backup.tgz
+To extract your protected archive file use the following command:
+  # openssl enc -d -aes-256-cbc -in todays_backup.tgz.aes-256-cbc -out todays_backup.tgz
 Ref: http://www.linux-magazine.com/Online/Blogs/Productivity-Sauce-Dmitri-s-open-source-blend-of-productive-computing/Perfect-Backup-Solution-with-Amazon-S3-and-aws