Is this your first visit? You may want to subscribe to the feed.

Secure Backups with GPG

Recently I had a client who wanted to store server backups on their hosting provider’s FTP server. The only problem is that those backups contained confidential customer data. So I came up with the idea of using a public GPG key to encrypt backups before copying them to the FTP server.

A little searching revealed that a lot of other people have also used this method. A great guide for getting set up to do this can be found here.

I already had a GPG key pair, so all I had to do was import my public key on the server, change the trust settings, and write a few bash scripts to dump the DB, create an encrypted tar archive, and FTP it.

Here are the commands I used to encrypt the database dump and tar archive: 
# dump PostgreSQL data and encrypt it
pg_dump dbname | gpg -r C0E3268C -e -o /tmp/backup.sql.gpg

# tar the directories I want to backup and encrypt them
tar -c /var /etc | gpg -r C0E3268C -e -o /tmp/backup.tar.gpg

Related Articles

Code: gpg, security Jul 06, 2006 ● updated Dec 01, 2006 3 comments

3 comments

  1. You might also want to investigate 'duplicity' - a python script which wraps ssh, gpg and rsync to do incremental backups - saves a lot of bandwidth along the way. http://www.nongnu.org/duplicity/
    Grant McInnes Grant McInnes July 07, 2006 at 06:04 AM
  2. Thanks for the pointer, I'll have to try it out. I use rsync and hard links (similar to this) for my own backups.
    brandon brandon July 07, 2006 at 06:18 AM
  3. [...] Secure Backups with GPG (tags: sysadmin backup security crypto) [...]
    Bloggitation » links for 2006-07-08 Bloggitation » links for 2006-07-08 July 07, 2006 at 03:25 PM

Speak your mind:

*

*


* I hate spam and will never sell or publish your email address.

(You may use textile in your comments.)

Subscribe

Browse by Tag