From: Otto M. <om...@gm...> - 2012-05-31 22:33:34
Encryption is enabled by entering an encryption key when using s3cmd --configure. If you do not enter a key, your data will not be encrypted.

When encryption is used, S3cmd pipes the file through gnupg, saving the encrypted version as /tmp/tmpfiles-{random 20 char string}. This encrypted file is then transferred to S3, using the original filename for S3 storage.

Some problems can occur with encryption: if you have a small /tmp directory and wish to encrypt files larger than the size of /tmp, it will fill up /tmp and fail. Your server may also experience severe problems if other processes need the /tmp directory to store files.

If you kill the s3cmd process while it is in the midst of transferring an encrypted file, the temp file stored in /tmp will not be deleted, clogging up the tmp directory. I wrote a bash script to periodically delete any old /tmp files created by s3cmd.

The encryption process uses symmetric encryption. CAST5 (CAST128) is the default symmetric encryption algorithm in gnupg available on CentOS 5. I edited the gpg-encrypt command line in the config file to change the algo to AES256.

I am evaluating this tool for use within my clients, and it looks good. I did a functionality comparison with other packages and it won. Nice job!

--
Otto Monnig, MSSE <om...@gm...>
Kodiak Technology Group
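
A cleanup of the kind described in the message above, as an added example (this is not the poster's script and not part of s3cmd). The function name, the 60-minute default age and the own-files-only restriction are assumptions made here; the file name pattern is the one given in the message.

```shell
#!/bin/sh
# Added example: remove stale s3cmd encryption temp files left behind
# when a transfer is killed. Hypothetical helper, not shipped with s3cmd.
#
# usage: purge_s3cmd_tmp [DIR] [MAX_AGE_MINUTES]
# prints the number of files removed
purge_s3cmd_tmp() (
    dir="${1:-/tmp}"
    max_age_min="${2:-60}"          # assumed default, tune to your longest upload

    # Pattern from the message: "tmpfiles-" followed by 20 random characters.
    pattern='tmpfiles-????????????????????'

    # -maxdepth 1  : stay in DIR, never descend into subdirectories
    # -type f      : regular files only, so symlinks planted in a
    #                world-writable /tmp are never touched
    # -user        : only files owned by the account running the cleanup
    # -mmin +N     : not modified for more than N minutes, so a temp file
    #                that gpg is still writing is left alone
    # Each successful delete prints one byte; wc counts the deletions.
    find "$dir" -maxdepth 1 -type f -name "$pattern" \
         -user "$(id -u)" -mmin "+$max_age_min" \
         -exec sh -c 'rm -f -- "$1" && printf x' _ {} \; \
        | wc -c | tr -d ' '
)
```

Run it from cron as the same account that runs s3cmd, with an age comfortably longer than the slowest upload so that a temp file still being transferred is not removed.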