#195 Issue closed: Encrypting the backup tarball on USB Devices (possible enhancement)¶
Labels: enhancement
HannesLink opened issue at 2013-01-31 13:41:¶
Hello,
due to some special security requirements at our site we are forced to encrypt all backups on external media. I've wrote a quick and dirty patch that changes the tar commands in backup/NETFS/default/50_make_backup.sh and restore/NETFS/default/40_restore_backup.sh so that the tarball is des3 encrypted using openssl.
Do you think this could be a possible enhancement for rear? Please let me know where I can upload the patch.
Best regards,
Hannes
gdha commented at 2013-02-01 12:12:¶
You may upload your patch into a gist (https://gist.github.com/)
HannesLink commented at 2013-02-01 12:49:¶
Done, you can find the patch at:
https://gist.github.com/4691079
Please let me know if this could be integrated in future releases of
rear.
gdha commented at 2013-02-01 15:12:¶
Thanks for the patch - I had a quick look and you encrypt/decrypt within
the whole BACKUP=NETFS workflow, but only check the keys with
OUTPUT=USB? I think OUTPUT=ISO should also be included. Perhaps, it
would make sense to move the
rear/verify/USB/NETFS/default/60_check_encryption_key.sh to
rear/verify/NETFS/default/60_check_encryption_key.sh?
dagwieers commented at 2013-02-01 16:05:¶
@HannesGIT It is easier to make a pull request rather than work with patches. The benefits are myriad:
- Pull requests can be discussed (and even commented per line if need be)
- Pull requests can be updated (when the branch is changed, committed and pushed)
- Pull requests are merged more easily directly, including any recent changes
Working with git requires some deeper understanding, but you can also modify files through Github itself and a pull-request is automatically made for you. So if you are fixing a single file, or modifying documentation, you don't even have to use the git command line)
gdha commented at 2013-02-11 09:48:¶
Added script
https://github.com/rear/rear/blob/de6d6a2651e40bee4748e328efcd2d010f15c0b4/usr/share/rear/prep/NETFS/default/09_check_encrypted_backup.sh
to grap 'openssl' if required
gdha commented at 2013-02-25 07:18:¶
tested it myself - it works correctly
[Export of Github issue for rear/rear.]