Thread: AES keys
From: Gary H. <gar...@gm...> - 2005-05-19 10:36:39

Hi All,

I am about to install a test rsyncrypto best, the only thing I am not sure of is how to create a single AES key (certificate)? Any pointers would be much appreciated.

Thanks

Gary

From: Shachar S. <sh...@li...> - 2005-05-19 19:47:00

Gary Holzer wrote:

>Hi All,
>
>I am about to install a test rsyncrypto best, the only thing I am not
>sure of is how to create a single AES key (certificate)? Any pointers
>would be much appreciated.

AES keys (a.k.a. symmetric keys) are generated automatically by rsyncrypto per encrypted file. This is what is stored in the "key" file name you specify as the third parameter.

What you are likely asking about is generating the PKCS X509 certificate, which is an RSA key (asymmetric key), which is the fourth parameter. The rsyncrypto manual points you to the req(1) and x509(1) manual pages of openssl. Off the top of my head, the command line to generate would probably be something like:

openssl req -new -nodes -x509 -out backup.crt -keyout backup.key

The *.crt file is the certificate (public key) file. rsyncrypto ignores just about all fields of the resulting certificate except the actual key. This file is not secret. This file can be used for backup (encryption), as well as restore (decryption) assuming you have not lost the symmetric key files mentioned above (hot restore). If the symmetric keys were lost, you will need the *.key RSA key (private key), which must therefore be kept totally safe and secret, or the entire encryption is worthless.

Repeating for brevity's sake:

- Each file is encrypted using AES. Each file gets its own key (called the symmetric key). This is stored in a file given as the third parameter to rsyncrypto, and should not be backed up. Each file should be 68 bytes long. This file can be used, along with the public key, to perform a restore (assuming you still have it).
- This file is also encrypted inside the encrypted file that should be backed up. It is encrypted using the asymmetric key, or the RSA key. This key should be specifically generated by you, using the command line above.
- The *.key file is the secret part of the key, and should be kept, well, secret. It is only ever needed by rsyncrypto if you need to perform a restore after the key files were lost.
- The *.crt file is the public key. It is the key rsyncrypto should be usually given as its fourth parameter, for both encryption and decryption with key file present.

I hope this makes things a little clearer.

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html

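The key generation step from the reply above, run non-interactively and followed by the check that matters for a restore after the key files are lost: that the stored private key really belongs to the certificate used for the backups. This is an added example, not part of the original thread or of rsyncrypto; the function names and the -newkey rsa:2048, -days and -subj values are assumptions.

```sh
#!/bin/sh
# Added example; function names, key size, validity and subject are assumptions.

# Create backup.crt (public) and backup.key (secret) in directory $1.
# umask 077 makes the private key unreadable to other users from the
# moment the file is created, instead of fixing its mode afterwards.
make_backup_keypair() {
    (
        umask 077
        openssl req -new -nodes -x509 -newkey rsa:2048 -days 3650 \
            -subj "/CN=rsyncrypto-backup" \
            -out "$1/backup.crt" -keyout "$1/backup.key"
    )
}

# Succeed only if private key $2 belongs to certificate $1.
# Both commands print the public key in the same PEM form, so a string
# comparison is enough. Returns 2 if either file cannot be parsed.
keypair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeed only if key file $1 exists and is not readable by group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Typical use (paths are placeholders):
#   make_backup_keypair /secure/dir
#   keypair_matches /secure/dir/backup.crt /secure/dir/backup.key &&
#       key_is_private /secure/dir/backup.key
```

Running keypair_matches against the offline copy of backup.key before it is needed confirms that a restore without the symmetric key files is still possible.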
From: Gary H. <gar...@gm...> - 2005-06-07 11:09:17

Dear List,

I am currently trying to setup rsyncrypto so that it will only encrypt certain file types e.g. *.dbf *.fpt *.cdx and also not to recursively look through a folder structure. The -r seems to include all directories recursively. Could I use the --trim?

I am currently unsuccessfully playing around with building a file list in a text file and parsing this to rsyncrypto.

Any help would be much appreciated.

Thanks

Gary

From: Shachar S. <rsy...@sh...> - 2005-06-07 14:41:07

Gary Holzer wrote:

>Dear List,
>
>I am currently trying to setup rsyncrypto so that it will only
>encrypt certain file types e.g. *.dbf *.fpt *.cdx and also not to
>recursively look through a folder structure. The -r seems to include
>all directories recursively. Could I use the --trim?
>
>I am currently unsuccessfully playing around with building a file list
>in a text file and parsing this to rsyncrypto.
>
>Any help would be much appreciated.
>
>Thanks
>
>Gary

The first thing that comes to mind is:

find . -maxdepth 1 \( -name \*.dbf -or -name \*.fpt -or -name \*.cdx \) -print | rsyncrypto --filelist - destinationdir keysdir certificate.crt

There may be some room for tweaking this, of course. For example, the above will not delete encrypted files from the encrypted dir. If that is what you want, a more elaborate scheme will need to be performed.

Hope this helps,

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/

From: <am...@am...> - 2005-06-07 22:53:01

On 6/8/05, Shachar Shemesh <rsy...@am...> wrote:

> The first thing that comes to mind is:
> find . -maxdepth 1 \( -name \*.dbf -or -name \*.fpt -or -name \*.cdx \) -print
> | rsyncrypto --filelist - destinationdir keysdir certificate.crt

While you are at it, would you add an option to rsyncrypto to accept null-separated file lists? (a-la find's "-print0" and xargs' "-0")

Cheers,

--Amos

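The file-list pipeline from Shachar's reply, together with the limitation behind Amos's request, as an added example that is not part of the original thread or of rsyncrypto. The -name tests are grouped so that -print applies to all three patterns, and names containing a newline are kept out of the list and counted separately, because a newline-separated list cannot represent them. The function names are assumptions.

```sh
#!/bin/sh
# Added example; list_db_files and count_unlistable are hypothetical helpers.

# Print the .dbf/.fpt/.cdx files directly inside directory $1, one per line.
# -maxdepth 1 stops find from descending into subdirectories, and the
# parentheses make -type f and -print apply to every pattern, not only the last.
list_db_files() {
    nl='
'
    find "$1" -maxdepth 1 -type f \
        \( -name '*.dbf' -o -name '*.fpt' -o -name '*.cdx' \) \
        ! -name "*${nl}*" -print
}

# Count matching files whose name contains a newline. In a newline-separated
# list such a name would be read as two different paths, so these files are
# excluded above and must be handled (renamed or reported) separately.
count_unlistable() {
    nl='
'
    find "$1" -maxdepth 1 -type f \
        \( -name '*.dbf' -o -name '*.fpt' -o -name '*.cdx' \) \
        -name "*${nl}*" -exec printf x \; | wc -c
}

# Use with the command line from the thread (directories are placeholders):
#   list_db_files . | rsyncrypto --filelist - destinationdir keysdir certificate.crt
#   [ "$(count_unlistable .)" -eq 0 ] || echo "some files were skipped" >&2
```

Names with spaces pass through unchanged, since only the newline acts as a separator in the list.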
From: Shachar S. <rsy...@sh...> - 2005-06-08 05:44:52

am...@am... wrote:

>On 6/8/05, Shachar Shemesh
><rsy...@am...> wrote:
>
>>The first thing that comes to mind is:
>>find . -maxdepth 1 \( -name \*.dbf -or -name \*.fpt -or -name \*.cdx \) -print
>>| rsyncrypto --filelist - destinationdir keysdir certificate.crt
>
>While you are at it, would you add an option to rsyncrypto to accept
>null-separated file lists? (a-la find's "-print0" and xargs' "-0")
>
>Cheers,
>
>--Amos

File it in the tracker?

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
Have you backed up today's work? http://www.lingnu.com/backup.html

From: Gary H. <gar...@gm...> - 2005-06-15 10:20:19

Dear List,

I am setting up the win32 version of rsyncrypto to run under cygwin from an XP box using the following command:

$RSYNC_CRYPTO -c --gzip $GZIP --filelist $FILELIST \
$CRYPT_DIR $KEYS_DIR $CERT > $TEMPFILE 2>&1

In a previous part of the script I successfully create the $FILELIST and set up the other variables. The $CRYPT_DIR is on the same box that is running cygwin i.e. the script and rsyncrypto. For some reason when I run the script I get the following errors in the $TEMPFILE for each file I try to encrypt in $FILELIST

e.g.

Error in encryption of /cygdrive/c/Work/Jo/Uni/Proposal - professional comm.doc: mkdir failed(/cygdrive/c): Permission denied

I can successfully manually create directories from within cygwin. I have used chown and chmod as well as cacls in Windows to ensure that I have permissions. Only thing I can figure is that rsyncrypto is having an issue in creating folders?

I have managed to get this whole thing working on some work boxes (albeit using W2K).

Help please, as I have spent a fair few hours to no avail.

Gary

PS - using the version of gzip that comes with the windows version of rsyncrypto (which I am also using)

From: Shachar S. <rsy...@sh...> - 2005-07-03 08:42:18

Gary Holzer wrote:

>Dear List,
>

Hi Gary,

Sorry for taking so long to answer. I have totally missed your email.

>In a previous part of the script I successfully create the $FILELIST
>and set up the other variables. The $CRYPT_DIR is on the same box that
>is running cygwin i.e. the script and rsyncrypto. For some reason when
>I run the script I get the following errors in the $TEMPFILE for each
>file I try to encrypt in $FILELIST
>
>e.g.
>
>Error in encryption of /cygdrive/c/Work/Jo/Uni/Proposal - professional
>comm.doc: mkdir failed(/cygdrive/c): Permission denied

Did the actual encryption succeed?

The problem is that rsyncrypto, in order to make sure the entire directory path exists, creates each individual subdirectory. As such, it also tries to create /cygdrive and /cygdrive/c. It is programmed to ignore "file exists" errors as irrelevant.

The problem is that /cygdrive and /cygdrive/c are not regular directories. They are made up by cygwin for the purpose of emulating the Windows forest view over the cygwin tree view. As such, cygwin returns "permission denied" for them, rather than the more conventional "file exists". I actually think this is a bug in cygwin, btw.

I have a question, though. Why are you using the cygwin version when you can use the native Windows version?

Shachar

--
Shachar Shemesh
Lingnu Open Systems Consulting
http://www.lingnu.com/

From: Gary H. <gar...@gm...> - 2005-07-03 09:10:18

Hi Shachar,

Thanks for the reply. I actually did a work around by writing to /usr/local/bin rather than cygdrive/c, this worked fine. When I tried to write to cygdrive I couldn't get it to encrypt or create the folder structures due to the permission error.

I am running cygwin as there doesn't seem to be a windows version of rsync i.e. I run rsyncrypto first then rsync these files.

Cheers

Gary

On 7/3/05, Shachar Shemesh <rsy...@sh...> wrote:

> Gary Holzer wrote:
>
> >Dear List,
> >
>
> Hi Gary,
>
> Sorry for taking so long to answer. I have totally missed your email.
>
> >In a previous part of the script I successfully create the $FILELIST
> >and set up the other variables. The $CRYPT_DIR is on the same box that
> >is running cygwin i.e. the script and rsyncrypto. For some reason when
> >I run the script I get the following errors in the $TEMPFILE for each
> >file I try to encrypt in $FILELIST
> >
> >e.g.
> >
> >Error in encryption of /cygdrive/c/Work/Jo/Uni/Proposal - professional
> >comm.doc: mkdir failed(/cygdrive/c): Permission denied
> >
>
> Did the actual encryption succeed?
>
> The problem is that rsyncrypto, in order to make sure the entire
> directory path exists, creates each individual subdirectory. As such, it
> also tries to create /cygdrive and /cygdrive/c. It is programmed to
> ignore "file exists" errors as irrelevant.
>
> The problem is that /cygdrive and /cygdrive/c are not regular
> directories. They are made up by cygwin for the purpose of emulating the
> Windows forest view over the cygwin tree view. As such, cygwin returns
> "permission denied" for them, rather than the more conventional "file
> exists". I actually think this is a bug in cygwin, btw.
>
> I have a question, though. Why are you using the cygwin version when you
> can use the native Windows version?
>
> Shachar
>
> --
> Shachar Shemesh
> Lingnu Open Systems Consulting
> http://www.lingnu.com/

From: Shachar S. <rsy...@sh...> - 2005-07-03 13:05:37

Gary Holzer wrote:

>Hi Shachar,
>
>Thanks for the reply. I actually did a work around by writing to
>/usr/local/bin rather than cygdrive/c, this worked fine. When I tried
>to write to cygdrive I couldn't get it to encrypt or create the folder
>structures due to the permission error.
>
>I am running cygwin as there doesn't seem to be a windows version of
>rsync i.e. I run rsyncrypto first then rsync these files.

What I do is install rsync + the one or two cygwin dlls it requires. I then run it as if it's a standard windows command line (though I of course have to translate the actual parameters to unix-type paths). Cygwin is fairly self-configuring, and even if it was not installed on the machine, it works as is.

>Cheers
>
>Gary

Shachar

--
Shachar Shemesh
Lingnu Open Systems Consulting
http://www.lingnu.com/