Ciphered backups

Registered by Ian Blanes

Ciphered backups are a feature I would like to see in a Linux backup solution. I've seen lots of requests for it while checking whether any backup solution provides it.

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: None
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

Some ideas:

* Backups should run without human intervention (no passphrase prompt during the backup itself).
* No key that can decrypt a backup should be stored in plain form anywhere, neither on the source machine nor at the destination.
* Everything needed for a restore (the protected private key) should travel with the backup to its destination, so that a restore is possible when the destination is a different machine, or when the source machine is lost.

Public-key encryption is a good fit for the first requirement: the backup job only needs the public key, so it can encrypt unattended, while the private key is needed only at restore time. The private key can be protected with a passphrase (symmetric encryption of the key, as gpg does with its secret keyring) and a copy embedded in every backup. gpg can do all of this. The caveat is that once the protected private key sits next to every backup, the whole scheme is only as strong as that passphrase: anyone who obtains a backup can run an offline guessing attack against it, so the passphrase must be long and the key protection should use a deliberately slow key-derivation function (gpg's S2K iteration count, for example).

As to the incremental backup problem, the main issue is to determine whether a file is already backed up without being able to read the (encrypted) backup contents. One solution is to store, alongside each backup, a list of one-way tokens computed from each file's name, its attributes (excluding atime, which the backup itself changes) and a salt. Because the function is one-way, the next backup run can test a file for presence in the previous list but nobody can recover names or contents from the list alone. Two caveats: md5 and sha1 should not be used for new designs, a keyed hash such as HMAC-SHA256 with the salt as key is the current choice; and since the salt must be readable at the next backup run to recompute the tokens, anyone holding the salt and the list can test guessed file names against it, so the list hides unguessable names but not the existence of well-known paths. Note also that the tokens cover metadata only: a file modified in place with its size and mtime preserved would be skipped.

The backup procedure would then be:

On the backup setup:

* Ask for a passphrase
* Create a public/private key pair
* Encrypt the private key with a symmetric cipher under a key derived from the passphrase (gpg does this when a passphrase is set on the key)
* Store the public key and the protected private key along with the backup configuration

----

Backup:

* Create a list of files to be backed up, including each file's attributes (without atime).
* Exclude files already present in a previous suitable backup:
 * either by comparing the file list and properties directly, when a plain previous list is available,
 * or by testing each file's token against the one-way hashed list stored with the previous backup (using that backup's salt).
* Create a normal backup (e.g. a tar stream) and pipe it through gpg in asymmetric mode, encrypting to the public key created at setup:
 * no plaintext intermediate file on the source machine (it may not have the space),
 * no plaintext intermediate file at the destination (it would defeat the purpose),
 * every file goes through the same pipeline, so nothing is ever written out unencrypted.
* Choose a fresh salt and create the hashed file list for this backup; store the salt with it.
* Append the protected private key.
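The following is an added example, not code from the blueprint or from any backup project, showing the hashed file list from the whiteboard above and the "exclude files already present" step of the backup procedure. It substitutes HMAC-SHA256 keyed with the per-backup salt for the md5/sha1-plus-salt of the sketch; the tracked attribute set, the JSON canonical encoding, the function names and the sample entries are all assumptions made for the example. The gpg encryption of the stream itself is left to gpg and not shown here.

```python
import hashlib
import hmac
import json
import os
import secrets
from typing import Dict, Iterable, List, Set

# Attributes that identify a file version. atime is deliberately excluded:
# merely reading a file during the backup would otherwise change its token.
# (Attribute choice is an assumption of this example.)
TRACKED_ATTRS = ("mode", "uid", "gid", "size", "mtime_ns")


def scan_tree(root: str) -> List[Dict]:
    """Walk `root` and return one entry per regular file with the tracked attributes.
    Used for real runs; the demo below uses constructed entries instead."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            entries.append({
                "path": os.path.relpath(path, root),
                "mode": st.st_mode,
                "uid": st.st_uid,
                "gid": st.st_gid,
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
            })
    return entries


def new_salt() -> bytes:
    """Fresh 256-bit salt for one backup run; it is stored beside the hashed list."""
    return secrets.token_bytes(32)


def entry_token(salt: bytes, entry: Dict) -> str:
    """One-way token for (path, tracked attributes).
    Only the tracked keys are encoded, so an extra 'atime_ns' field has no effect.
    Canonical JSON (sorted keys, no whitespace) gives an unambiguous byte string."""
    material = {k: entry[k] for k in ("path",) + TRACKED_ATTRS}
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hmac.new(salt, canonical, hashlib.sha256).hexdigest()


def build_manifest(salt: bytes, entries: Iterable[Dict]) -> Set[str]:
    """The hashed file list written next to a backup. It reveals nothing about
    file contents, but anyone holding the salt can test guessed paths against it."""
    return {entry_token(salt, e) for e in entries}


def select_for_backup(entries: Iterable[Dict], previous_salt: bytes,
                      previous_manifest: Set[str]) -> List[Dict]:
    """Entries whose token is absent from the previous list: new files, or files
    whose tracked attributes changed. Tokens are recomputed with the *previous*
    backup's salt, since that is the salt the stored list was built with."""
    return [e for e in entries if entry_token(previous_salt, e) not in previous_manifest]


# Constructed sample data (not real files): the same small tree seen by two runs.
RUN1 = [
    {"path": "etc/passwd", "mode": 0o100644, "uid": 0, "gid": 0,
     "size": 1200, "mtime_ns": 1_700_000_000_000_000_000},
    {"path": "home/ian/notes.txt", "mode": 0o100600, "uid": 1000, "gid": 1000,
     "size": 48, "mtime_ns": 1_700_000_100_000_000_000},
]
RUN2 = [
    # unchanged, but read since run 1 (atime moved): must NOT be selected again
    {"path": "etc/passwd", "mode": 0o100644, "uid": 0, "gid": 0,
     "size": 1200, "mtime_ns": 1_700_000_000_000_000_000,
     "atime_ns": 1_700_000_500_000_000_000},
    # edited: size and mtime changed
    {"path": "home/ian/notes.txt", "mode": 0o100600, "uid": 1000, "gid": 1000,
     "size": 52, "mtime_ns": 1_700_000_900_000_000_000},
    # new file
    {"path": "home/ian/todo.txt", "mode": 0o100600, "uid": 1000, "gid": 1000,
     "size": 10, "mtime_ns": 1_700_000_950_000_000_000},
]
DEMO_SALT = b"constructed-demo-salt-not-for-real-use-"


def demo() -> List[str]:
    """Run 1 writes a hashed list; run 2 uses it to find what still needs backing up."""
    manifest_run1 = build_manifest(DEMO_SALT, RUN1)
    return [e["path"] for e in select_for_backup(RUN2, DEMO_SALT, manifest_run1)]


if __name__ == "__main__":
    print("to back up in run 2:", demo())
```

For a real run, replace the constructed entries with `scan_tree(root)`, persist `new_salt()` and the manifest next to the encrypted archive, and feed the selected paths to `tar` piped into `gpg --encrypt --recipient <backup key>`. Using a keyed hash rather than a plain salted digest costs nothing and makes the construction unambiguous, but it does not change the stated limitation: whoever can read the salt can test whether a guessed path was present.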

----

Restore:

* Decrypt the private key embedded in the backup using the passphrase supplied by the user.
* Restore the original backup by piping it through gpg for decryption with that private key.

--

(?)
