From: Johan Ström
Date: Wed, 16 Jan 2008 00:26:34 +0100
To: Aristedes Maniatis
Cc: emj@emj.se, freebsd-stable@freebsd.org
Subject: Re: Backup solution suggestions

On Jan 15, 2008, at 22:09 , Aristedes Maniatis wrote:

>
> On 15/01/2008, at 8:52 PM, Johan Ström wrote:
>
>> I'm looking to invest in some new hardware for backup. Probably
>> some kind of NAS (a 4-disk 1U NAS or something in that size). The
>> thing is that I won't be the only one with access to this box,
>> thus I would like to secure my data.
>> What I would like is encryption both for the transfer to the box,
>> and encrypted on disk. The data on disk should not be readable by
>> anyone but me (i.e. the other user(s) of the box should not be able
>> to read it, at least not without a big effort).
>
> Take a look at bacula. It is a proper backup system, meaning that
> it does incremental backups, etc. Storage pools can be encrypted.
> Not sure if the network stream can be, but that could be solved
> with an ssh tunnel. And it is open source, reliable and runs nicely
> on FreeBSD.
>

My main problem with existing solutions is this "gap" of encryption
on the backup server side. I don't want it to be readable outside of
my box (without encryption keys of course), so as soon as I send it off
from my box I want it to be encrypted over the link, and down on the
disk. Not decrypted on the remote box, to then be encrypted again
(with keys available on that box) and then stored to disk. That would
allow any users of that box (yes, sure, you can have file permissions,
but let's assume someone else has root access there) to read my files.

Simple example:
I create a regular tarball (gzipped maybe) with some files I want to
back up. Then I encrypt this file with i.e. gpg. Then I send off this
file using some unspecified network protocol to the storage server.
Encrypted all the way, from my end to the remote disk.

The downside is that it is a static file, not a "dynamic
filesystem", nothing I can mount and have easy access to individual
files from. *That's* what I'm looking for.

--
Johan
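
The "simple example" flow from the message above, written out as an added shell example (not part of Johan's message or of any project named in the thread). It assumes gpg public-key encryption and ssh as the otherwise unspecified transport; the function names `encrypt_stream`, `push_backup` and `restore_stream` are hypothetical.

```shell
#!/bin/sh
# Added example: encrypt on the client so the storage box only ever sees ciphertext.
# Assumptions: tar, gpg (2.1+) and ssh are installed; RECIPIENT is your own
# public key (preferably its full fingerprint); the private key is never
# copied to the storage box, so root there cannot decrypt the archive.

# Enable pipefail where the shell supports it, so a tar failure is not
# masked by a successful gpg exit status.
( set -o pipefail ) 2>/dev/null && set -o pipefail

# encrypt_stream SRC_DIR RECIPIENT
# Writes a gzip-compressed, public-key-encrypted tar of SRC_DIR to stdout.
# --trust-model always: encrypt to the named key without a web-of-trust check,
# which is why RECIPIENT should be an exact fingerprint.
encrypt_stream() {
    src=$1 rcpt=$2
    tar -czf - -C "$src" . |
        gpg --batch --yes --trust-model always \
            --encrypt --recipient "$rcpt" --output -
}

# push_backup SRC_DIR RECIPIENT SSH_HOST REMOTE_FILE
# Streams ciphertext to the remote disk; no plaintext temp file on either side.
# REMOTE_FILE must not contain single quotes.
push_backup() {
    encrypt_stream "$1" "$2" |
        ssh "$3" "umask 077 && cat > '$4.part' && mv '$4.part' '$4'"
}

# restore_stream DEST_DIR
# Reads ciphertext on stdin and unpacks it into DEST_DIR.
# Run this only on a machine that holds the private key.
restore_stream() {
    gpg --batch --quiet --decrypt | tar -xzf - -C "$1"
}

# Stand-alone use: script.sh SRC_DIR RECIPIENT SSH_HOST REMOTE_FILE
if [ "$#" -eq 4 ]; then push_backup "$@"; fi
```

As the message notes, the result is a single static archive: reading one file back means fetching and decrypting the whole stream with `restore_stream`.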