hoogldetective.blogg.se

Encrypted folder backup












You have now successfully compressed, encrypted, decrypted and decompressed backup data. Note that SSH keys could be revoked when the public/private keys are re-used for system authentication. Re-using an existing SSH key-pair for encryption is therefore not recommended in certain scenarios. SSH keys also embed a public key tag in the encrypted *.age file. This makes an encrypted backup file trackable to the respective SSH public key. This is also not necessarily a security risk.

Encrypted folder backup archive

Backup data is encrypted with the public key (id_ed25519.pub) and can only be decrypted with the private key (id_ed25519). You can read more here on SSH public key hardening.

Step 1: Generate an ed25519 SSH key-pair on the backup server, protect it with a strong passphrase, and store this passphrase in a password manager:

backup-vps-01$ ssh-keygen -o -a 256 -t ed25519 -C "$(hostname)-age-backup-key-$(date +'%d-%m-%Y')"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/$USER/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Your identification has been saved in /$USER/.ssh/id_ed25519
Your public key has been saved in /$USER/.ssh/id_ed25519.pub

Step 2: Send the backup server public key over to the application server:

backup-vps-01$ cat /$USER/.ssh/id_ed25519.pub

Step 3: Compress the backup data and encrypt it with the SSH public key of the backup server:

app-vps-01$ tar -zcvf - /dir/you/want/to/backup/ | age -e -R /$USER/home/id_ed25519.pub > /$USER/home/$(hostname)-backup-$(date +'%d-%m-%Y').tar.gz.age

Step 4: Send the encrypted backup file to the backup server with scp (secure SSH copy) or rsync, or use your API to copy it to an S3 bucket or any other cloud storage:

app-vps-01$ scp /$USER/home/.age

Step 5: Test decryption with the private key of the backup server and uncompress the archive file:

backup-vps-01$ age -d -i /$USER/.ssh/id_ed25519 .age >
backup-vps-01$ tar -xf

Congratulations.


We used Ubuntu 20.04, Debian 10 and RHEL 8 for this blog post, although this backup method should work on almost all current Linux and BSD distributions. Now we check if the other system binaries are present:

backup-vps-01$ which ssh ssh-keygen scp tar cron

Next we encrypt files at rest with age using an SSH public/private key-pair. SSH (Secure SHell) is normally used to authenticate to servers, containers and workstations. However, we leverage an SSH key-pair to encrypt and decrypt files together with a passphrase. SSH cryptography encrypts and decrypts with two different keys. The ssh-keygen binary generates an ed25519 SSH key-pair. The public key (id_ed25519.pub) is available for any system/user, while the private key (id_ed25519) should not be shared at all.

Encrypted folder backup download

The backup method described in this blog post adheres where possible to a zero-trust backup architecture, where we assume an Azure or AWS VPC (Virtual Private Cloud) is compromised via hostile actions, vulnerabilities or misconfiguration, and all S3 buckets/backups are now leaked on the dark web. This means we need to have strong authenticated encryption for certain receivers, namely only the backup entities.

Installing age and checking prerequisites

age is not yet available (March 2021) in common Linux apt repositories. Therefore we download age and place the binary in the /usr/local/bin/ folder so we can call age at all times.

Encrypted folder backup software

This is why we use age (Actually Good Encryption) for asymmetric file encryption. age is like PGP, but with modernized cryptography and bloated features stripped out, and it supports authenticated encryption (AEAD). age got officially released as open source software in March 2021 by Google’s researcher Filippo Valsorda et.

Encrypted folder backup code

Cryptsus Blog | We craft cyber security solutions.

Performing backups and replicating files and folders securely is of vital importance when you need to recover from a disaster scenario such as a system crash, system wipe, a data loss incident or even a complete cloud compromise. The default Linux binaries already provide solid tooling to back up and sync files and directories. PGP (Pretty Good Privacy) or OpenSSL can be used for encrypting files, but are rather inconvenient and complicated to use for file encryption. Other (paid) closed source backup solutions might not provide the proper security code review.












