Encrypted system backup to DVD
First Seen: 03/11/2024
Last Indexed: 10/21/2024
Inspired by World Backup Day, I decided to take a backup of my laptop. Thanks to using a free operating system I don't have to back up any of my software, just configuration and data files, which fit on a single DVD. In order to avoid worrying too much about secure storage and disposal of these backups, I have decided to encrypt them using a standard encrypted loopback filesystem. (Feel free to leave a comment if you can suggest an easier way of doing this.)

Cryptmount setup

Install cryptmount:

    apt-get install cryptmount

and set up two encrypted mount points in /etc/cryptmount/cmtab:

    backup {
        dev=/backup.dat
        dir=/backup
        fstype=ext4
        mountoptions=defaults,noatime
        keyfile=/backup.key
        keyhash=sha512
        keycipher=aes-xts-plain64
        keyformat=builtin
        cipher=aes-xts-plain64
    }

    testbackup {
        dev=/media/cdrom/backup.dat
        dir=/backup
        fstype=ext4
        mountoptions=defaults,noatime,ro,noload
        keyfile=/media/cdrom/backup.key
        keyhash=sha512
        keycipher=aes-xts-plain64
        keyformat=builtin
        cipher=aes-xts-plain64
    }

Initialize the encrypted filesystem

Make sure you have at least 4.3 GB of free disk space on / and then run:

    mkdir /backup
    dd if=/dev/zero of=/backup.dat bs=1M count=4096
    cryptmount --generate-key 32 backup
    cryptmount --prepare backup
    mkfs.ext4 -m 0 /dev/mapper/backup
    cryptmount --release backup

Alternatively, if you're using a double-layer DVD then use this dd line:

    dd if=/dev/zero of=/backup.dat bs=1M count=8000

Burn the data to a DVD

Mount the newly created partition:

    cryptmount backup

and then copy the files you want to /backup/ before unmounting that partition:

    cryptmount -u backup

Finally, use your favourite DVD-burning program to burn these files:

    /backup.dat
    /backup.key
    /etc/cryptmount/cmtab

Test your backup

Before deleting these two files, test the DVD you've just burned by mounting it:

    mount /cdrom
    cryptmount testbackup

and looking at a random sampling of the files contained in /backup.
Once you are satisfied that your backup is fine, unmount the DVD:

    cryptmount -u testbackup
    umount /cdrom

and remove the temporary files:

    rm /backup.dat /backup.key

Comments

It would be better if you didn't use /dev/zero to create the backing "media" (your backup.dat file). To get better protection (since you are encrypting things anyway), you should use /dev/urandom (not /dev/random, as this will block). Of course, you can always feed the entropy pool as simply as doing random stuff on your desktop (the usual sources) and using the package randomsound, while you listen to some music to be used as entropy. For the really paranoid you might consider doing a shred -u -z on the backup.key file. It should be unnecessary for the backup.dat but if you have the time and entropy, you could do that too.

If it is for long-term storage (e.g. more than a couple of weeks) I wouldn't encrypt it. When the time comes you'll have forgotten the password and/or the technology won't work the same. I encrypt a backup which gets written over frequently (so there is continuity of password/technology), but anything written to a DVD I wouldn't.

You don't mention it explicitly, but are you burning the encrypted file and the key together on the same disk?

I have burned the key to the same media. It's possibly not as secure as having it on two separate discs since the passphrase could be brute-forced. But since the primary purpose of making a backup is to be able to restore stuff, I do want to be able to get to both pieces quickly if I need to. Have you got a different (more secure?) strategy that works for you?
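The whole procedure from the post, wrapped in a small shell script as an added example; this is not the post author's code. It keeps the post's paths (/backup.dat, /backup.key, the backup and testbackup entries in /etc/cryptmount/cmtab) and adds two things the post leaves to the reader: a SHA-256 manifest written into the container before burning, so the "Test your backup" step checks every file rather than a random sample, and the /dev/urandom fill that the first commenter suggests in place of /dev/zero. The DVD mount point is assumed to be /cdrom as in the post's mount command (the post's cmtab refers to /media/cdrom; make the two agree on your system). The cryptmount, mkfs and dd steps need root and real media; the manifest and image helpers run unprivileged. GNU coreutils and findutils are assumed (sha256sum, find -print0, sort -z, xargs -r).

```shell
#!/bin/sh
# Added example wrapping the post's cryptmount procedure; not the author's code.
# Assumes the post's paths and that the "backup"/"testbackup" entries already
# exist in /etc/cryptmount/cmtab. DVD mount point assumed to be /cdrom (the
# post's cmtab uses /media/cdrom; make them agree on your system).
set -eu

IMAGE=${IMAGE:-/backup.dat}
KEYFILE=${KEYFILE:-/backup.key}
MOUNTPOINT=${MOUNTPOINT:-/backup}
CDROM=${CDROM:-/cdrom}
MANIFEST=MANIFEST.sha256   # written inside the container, so it is burned too

# Container size in MiB for the DVD type; the counts are the post's dd lines.
image_size_mib() {
    case "$1" in
        single) echo 4096 ;;
        double) echo 8000 ;;
        *) echo "unknown DVD type: $1" >&2; return 1 ;;
    esac
}

# Create the backing file and print its size in bytes. The post fills it from
# /dev/zero; the default here is /dev/urandom, as the first commenter suggests,
# so unused space in the container is not distinguishable from encrypted data.
create_image() {
    img=$1; size_mib=$2; src=${3:-/dev/urandom}
    dd if="$src" of="$img" bs=1M count="$size_mib" 2>/dev/null
    wc -c < "$img" | tr -d ' '
}

# Record a SHA-256 checksum for every regular file under a directory,
# relative to it, excluding the manifest itself.
write_manifest() {
    dir=$1
    (cd "$dir" && find . -type f ! -name "$MANIFEST" -print0 \
        | sort -z | xargs -0 -r sha256sum) > "$dir/$MANIFEST"
}

# Exit status 0 only if every file in the manifest is present and unchanged.
verify_manifest() {
    (cd "$1" && sha256sum -c --status "$MANIFEST")
}

# The post's "Initialize" and "Burn" steps (root required): build the
# container, copy a source tree into it, write the manifest, release it.
prepare_backup() {
    dvd_type=${1:-single}; src_dir=${2:-/etc}
    mkdir -p "$MOUNTPOINT"
    create_image "$IMAGE" "$(image_size_mib "$dvd_type")" >/dev/null
    cryptmount --generate-key 32 backup
    cryptmount --prepare backup
    mkfs.ext4 -m 0 /dev/mapper/backup
    cryptmount --release backup
    cryptmount backup
    cp -a "$src_dir" "$MOUNTPOINT"/
    write_manifest "$MOUNTPOINT"
    cryptmount -u backup
    echo "now burn: $IMAGE $KEYFILE /etc/cryptmount/cmtab"
}

# The post's "Test your backup" step (root required): mount the burned DVD
# read-only and check every file against the manifest instead of sampling.
test_burned_backup() {
    mount "$CDROM"
    cryptmount testbackup
    if verify_manifest "$MOUNTPOINT"; then status=ok; else status=MISMATCH; fi
    cryptmount -u testbackup
    umount "$CDROM"
    echo "restore check: $status"
    [ "$status" = ok ]
}

# Cleanup after a successful test. shred (the first commenter's suggestion)
# only helps on filesystems that overwrite blocks in place; on journaling or
# copy-on-write filesystems it gives no guarantee that the key is gone.
cleanup_temp_files() {
    shred -u -z "$KEYFILE"
    rm -f "$IMAGE"
}

# Usage: BACKUP_ACTION=prepare ./backup.sh ; BACKUP_ACTION=test ./backup.sh
case "${BACKUP_ACTION:-}" in
    prepare) prepare_backup "${DVD_TYPE:-single}" "${SRC_DIR:-/etc}" ;;
    test)    test_burned_backup ;;
    cleanup) cleanup_temp_files ;;
esac
```

Because the manifest lives inside the encrypted container, a tampered or unreadable disc fails the check even when the sampled files happen to look fine, and the same manifest can be re-run years later to confirm the DVD is still readable in full.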