On 06/15/2012 12:48 PM, Shlomi Fish wrote:
> Hi all,
> thanks for rsyncrypto.
you are welcome.
> I've become interested in it because I recently decided to use remote
> backups on http://rsync.net/ and want to keep my backups' secure. The first
> thing I wanted to note is that as of the latest release of rsyncrypto (1.12),
> the man page reads "fro stdin" instead of "from stdin". I saw this is fixed in
> the Subversion repository, so isn’t it time for a new release?
The subversion contains some fairly major changes which I have not had
the time to complete. I will release when they are ready. Hopefully,
I'll have more time for rsyncrypto soon.
> Otherwise I wanted to ask a question: what I want to do is have the encoded
> data encrypted by a password, which I enter for encrypting and for
> decrypting, so that I can still unpack/decode it if I just have access to the
> encoded data. How can this be achieved while still making the encoded data
> rsync-friendly? Does rsyncrypto support something like that? Should I look for
> something else?
Rsyncrypto uses a public/private key as the master encryption key, with
each file being encrypted using a symmetrical (AES) key. While it is
possible to produce an (insecure) symmetrical key from a password, no
such method exists for public keys. As such, no, rsyncrypto does not
support this mode of use.
But despair not. You can achieve the equivalent level of security by
encrypting your private key with a password, and storing it using the
same provider you store your actual data. At this point in time
rsyncrypto does not support decrypting from password protected RSA keys,
but such support can be, fairly easily, added. Otherwise, in case of
catastrophe, you can simply pull your encrypted key and decrypt is locally.
Hope this helps,
Lingnu Open Source Consulting Ltd.