blog:create_encrypted_tar_files
| Next revision | Previous revision | ||
| blog:create_encrypted_tar_files [2010-05-26 08:44] – created brb | blog:create_encrypted_tar_files [2010-05-26 10:31] (current) – brb | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Create encrypted tar files ====== | + | ====== Create encrypted tar backups and store them on the amazon S3 cloud ====== |
| - | # tar -zcf – todays_backup|openssl des3 -salt -k yourpassword | dd of=todays_backup.des3 | + | |
| + | Amazon S3 provides unlimited storage at low prices, which makes it an ideal solution for storing backups. But to make use of it, you need a piece of software that can actually interact with Amazon S3: create buckets, list the contents of a bucket, upload and download files, etc. And aws, a simple command-line utility written in Perl, is the perfect tool for the job. | ||
| - | Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.des3. This file can only be decompressed using this password. | + | ===== Perparations ===== |
| - | To extract your protected archive file todays_backup.des3 use the following | + | Before you proceed, you should install the curl utility. On Ubuntu, you can do this using the sudo apt-get install curl command. Next, grab the latest version of the aws script: |
| - | | + | |
| - | Ref: http:// | + | Make it then executable and copy it to the /usr/bin directory: |
| + | |||
| + | chmod +x aws | ||
| + | sudo cp ~/aws /usr/bin/ | ||
| + | |||
| + | Create then an .awssecret file and open it in a text editor like nano: | ||
| + | |||
| + | nano .awssecret | ||
| + | |||
| + | Enter your Amazon AWS credentials (the Access Key ID and the Secret Access Key) as follows: | ||
| + | |||
| + | 1B5JYHPQCXW13GWKHAG2 | ||
| + | 2GAHKWG3+1wxcqyhpj5b1Ggqc0TIxj21DKkidjfz | ||
| + | |||
| + | Save the file and change its permissions: | ||
| + | |||
| + | chmod 600 .awssecret | ||
| + | |||
| + | aws is now ready to go. To create a bucket for your backup use the aws mkdir command (replacing BUCKET with the actual name): | ||
| + | |||
| + | aws mkdir BUCKET | ||
| + | |||
| + | ===== Create and upload the backup file ===== | ||
| + | |||
| + | Next, create an encrypted tarball of the directory you want to back up using the tar tool: | ||
| + | tar -zcf - todays_backup|openssl enc -aes-256-cbc -salt -pass pass: | ||
| + | |||
| + | Finally, upload the created archive to the created bucket: | ||
| + | |||
| + | < | ||
| + | aws put BUCKET/ | ||
| + | </ | ||
| + | |||
| + | The best part is that you don't have to do this manually every time you want to back up a certain directory. Here is a sample script that backs up photos stored on the local hard disk: | ||
| + | |||
| + | < | ||
| + | tar -zcf – todays_backup|openssl enc -aes-256-cbc -salt -pass pass: | ||
| + | aws put BUCKET/ | ||
| + | </ | ||
| + | |||
| + | Replace yourpassword with a password of your own. Keep the password to yourself, and keep it carefully. The above command will generate a file called todays_backup.tgz.aes-256-cbc. This file can only be decompressed using this password. | ||
| + | |||
| + | ===== Retrieve and decrypt a backup file ===== | ||
| + | Of course, you have to make sure that you can actually retrieve and decrypt your backup files. Test if this works, preferably with a small file: | ||
| + | |||
| + | Retrieve the file from S3: | ||
| + | aws get BUCKET/ | ||
| + | |||
| + | To extract your protected archive file use the following command: | ||
| + | # openssl enc -d -aes-256-cbc -in todays_backup.tgz.aes-256-cbc -out todays_backup.tgz | ||
| + | |||
| + | Ref: | ||
| + | * http:// | ||
| + | * http:// | ||
blog/create_encrypted_tar_files.1274856259.txt.gz · Last modified: 2010-05-26 08:44 by brb