Rich Freeman on 9 Mar 2014 11:52:27 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Encrypting Sensitive Personal Information In the Cloud?

On Sun, Mar 9, 2014 at 1:32 PM, Louis Kratz <> wrote:
> Does anyone do this now, and if so, what kind of services/encryption
> software do you use? I'd like something with version control, if possible,
> so I can add new year's data without the risk of corrupting old ones. I am
> looking for something a little more user-friendly than gpging a file and
> dumping it on s3.

Honestly, I use a script to encrypt everything with gpg and upload it
to s3, and have a rule on the bucket on s3 to move it to glacier.
That is for stuff that I want to keep a backup of in general, not for
taxes in particular.  I'm not worried about Amazon losing it since in
this case I have a local copy as well - there is only a disaster if my
house and Amazon's datacenter have a fire on the same day.

Some thoughts regarding a few ideas that came up on this list:
1.  An encrypted filesystem using LUKS is convenient, but doesn't
actually move anything offsite.  You'll still want some kind of
offsite encrypted backup solution on top of that if you care about
security.  I might suggest duplicity, which can gpg encrypt and dump
files on s3 automatically - I'm doing that for my home backups.

2.  A risk with an encrypted filesystem using LUKS is that if
something does go wrong recovery may be more difficult.  I think that
LUKS is just a block-based solution so I don't think that is a huge
risk, but if something goes wrong with your encryption layer you may
be hosed.  If this is just a local backup solution and you can verify
data was written cleanly before moving it offsite or whatever then
that isn't a problem.  If you're just going to work directly on a LUKS
drive then that is just another reason to have a backup somewhere.

Honestly, you might want to look at duplicity just as an archiving
solution - run it once on a directory and point it at s3 and you'll
get an encrypted backup.  I think it is indexed so that you can do
partial restores.  However, I don't think it can do partial transfers
within an individual file, so if you need one file in the middle of a
10GB backup image file you may have to download 10GB of data from
Amazon, which costs money (especially if using Glacier).  I don't know
how partial restores work across file splits - if you have 10GB worth
of 2MB backup files I don't know if it is smart enough to identify the
10 files it needs and download just those.  For me the use case is
catastrophic loss of all my home backups, so I'll end up restoring
everything I have on Glacier anyway.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --