LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   backup of files from encrypted disk (http://www.linuxquestions.org/questions/linux-security-4/backup-of-files-from-encrypted-disk-588363/)

rblampain 09-30-2007 06:09 AM

backup of files from encrypted disk
 
Probably a silly question, is a backup of files held on an encrypted hard disk also encrypted or are the files decrypted before being copied, for example, on a CD?

If the files are decrypted, can I also make the CD an encrypted drive? How?

Thank you for your help.

stress_junkie 09-30-2007 06:28 AM

The files are decrypted when the backup program reads the files. If you want the backup to be encrypted then you have to copy them to an encrypted medium. For example when I back up my encrypted partition I mount an external USB drive with an encrypted partition. Then I back up the files from their working location onto the encrypted partition on the external drive.

If you want to have an encrypted CD then you will have to make an encrypted container file that will fit on the CD, bind that to a loop device, make a file system in the loop device, mount the loop device, back up your files into the container file, unmount it, and copy the container file onto the CD. Keep in mind that a normal data CD has a file size limit. If you want to use the entire 4.7 GB of space you may need to convert the container file to an ISO 9660 image.

There are threads on this web site for using loop devices and container files.

unSpawn 09-30-2007 06:30 AM

//Sorry, didn't see stress_junkie's reply when I posted.

Quote:

Originally Posted by rblampain (Post 2908194)
Probably a silly question, is a backup of files held on an encrypted hard disk also encrypted or are the files decrypted before being copied

Generally speaking if you use OTF disk encryption that works kind of like a VFS layer then if you have access and copy files from the live filesystem they would be unencrypted. OTOH if you talk taking 'dd' type of backups you're below VFS layers and it wouldn't be.


Quote:

Originally Posted by rblampain (Post 2908194)
If the files are decrypted, can I also make the CD an encrypted drive?

AFAIK not. A CDRW itself does not have a concept of filesytems other than what it needs to write, so you would need an intermediate step to encrypt contents. For instance using EncFS (note it doesn't provide the strongest encryption around) you could make a directory, encfs-mount it, copy contents over, unmount it, 'mkisofs' the dir, then write. Once written you can encfs-mount the dir on the CDR and access files transparently. Regardless the FS you use, make sure you give thought to wiping/shredding used files anyway.

rblampain 10-01-2007 12:01 AM

Thank you both for your answers, I am learning a lot.

I only knew of the existence of encrypted disk but now I am wondering, if the extraction of the data from such a disk automatically gives unencrypted data, what is the point of encrypting the disk?

There must be something I am missing since, in my view, if the disk drive falls into the wrong hands, anybody can read it.

It looks like a script that makes a "dd" then an iso9660 of the resulting file should be the answer.

Can the automation of such a process result in an easy job for an operator or is it inevitably complex?

I am thinking this task can only be easy if it is possible to pre-label them (externally) and give the CDs a sort of individual identity when they are written so that each CD is easily identifiable by the backup/restore procedure.

If this is complicated, perhaps I should consider backing up to an encrypted hard drive rather than a CD.

I would appreciate your views very much.


All times are GMT -5. The time now is 02:00 PM.