From: Martin Steigerwald <martin@lichtvoll.de>
To: linux-btrfs@vger.kernel.org
Subject: send/receive for encrypted backup purposes
Date: Fri, 08 Jan 2016 14:44:53 +0100 [thread overview]
Message-ID: <1827847.pVfOzZHEoP@merkaba> (raw)
Hi!
Given that the Omnia Turris router has an mSATA slot and two USB 3 connectors,
I am pondering the feasibility for using it for backups of my home dir.
I pondered checking out zbackup, attic or obnam for that, of which at least
zbackup and obnam can do encrypted backups¹²³.
Yet then I thought why not using btrfs send and receive directly? I found two
answers:
Client doesn´t encrypt. And even tough I think the Omnia will be pretty secure
unless I configure a hole into it, I´d not feel that comfortable putting my
whole home directory there unsecured.
So my question is, would it be possible to have btrfs send/receive encrypted?
So far I have only three ideas about it, the first two are similar:
1) Mount a dm-crypted loopback file formatted with BTRFS from the router on
the client. Of course dm-crypt stuff need to happen on the client then. And I
wonder whether I would loose most of the probably performance benefit of using
btrfs send/receive this way. I could export the file with nfs for example.
2) Export a block device from the Omnia directly wie NBD or iSCSI or whatnot
and use it with dm-crypt on the client.
3) Have all home directories crypted via ecryptfs and only send/receive the
subvolumes with the ecryptfs files.
Any other ideas?
Something like this would also be nice to have to store on cloud storage.
Something along the line to send a crypted btrfs send/receive stream. Ideally
target could be a directory on some storage that doesn´t even need to be a
BTRFS. But I bet that would be a lot of work to implement.
[1] http://zbackup.org/
[2] https://attic-backup.org/
[3] http:/obnam.org
Thanks,
--
Martin
next reply other threads:[~2016-01-08 13:44 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-08 13:44 Martin Steigerwald [this message]
2016-01-08 14:00 ` send/receive for encrypted backup purposes Christoph Anton Mitterer
2016-01-08 14:02 ` Swâmi Petaramesh
2016-01-08 14:07 ` Christoph Anton Mitterer
2016-01-08 14:40 ` Austin S. Hemmelgarn
2016-01-08 14:49 ` Christoph Anton Mitterer
2016-01-08 15:04 ` Austin S. Hemmelgarn
2016-01-08 15:01 ` Austin S. Hemmelgarn
2016-01-09 19:05 ` Christoph Biedl
2016-01-11 12:50 ` Austin S. Hemmelgarn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1827847.pVfOzZHEoP@merkaba \
--to=martin@lichtvoll.de \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).