Time stamped encrypted archives
Developers use Version Control, business users Document management and consultants ZIP files.
From time to time I feel the need to safeguard a snapshot in time outside the machine I'm working with. Since " storage out of my control" isn't trustworthy, I encrypt data. This is the script I use:
To make that work, you need Encryption keys, you can create yourself. A typical script to call the script above would look like this:
When you remove the decryption part (one time creation only, no update), you would only need to have access to the public key, which you could share, so someone else can provide you with a zip file encrypted just for you.
As usual: YMMV.
From time to time I feel the need to safeguard a snapshot in time outside the machine I'm working with. Since " storage out of my control" isn't trustworthy, I encrypt data. This is the script I use:
# !/bin/bash
############################################################################
# Saves the given directory (%1) in an SSL encrypted zip file (%2) within
# the personalFiles folder. The name of the ZIP file needs to be without zip
# extension but might already contain the date. Destination might be %3
############################################################################
# Adjust these three values to your needs. Don't use ~ otherwise it doesn't
# work when you use sudo
tmplocation=/home/user/temp/
keyfile=/home/user/.ssh/pubkey.pem
privatekey=/home/user/.ssh/privkey.pem
if [ -z "$3" ]
then
secureloction=./
else
secureloction=$3
fi
fullzip=$tmplocation$2.zip
fulldestination=$secureloction$2.szip
securesource=$1
# If the final file exists we unencrypt it first to update it
if [ -f "${fulldestination}" ]
then
echo "Decrypting ${fulldestination}..."
openssl smime -decrypt -in "${fulldestination}" -binary -inform DEM -inkey $privatekey -out "${fullzip}"
# Zip the directory
echo "Updating from ${securesource}"
zip -ru $fullzip $securesource
else
echo "Creating from ${securesource}"
zip -r $fullzip $securesource
fi
# Encrypt it
echo Encrypting $fulldestination
openssl smime -encrypt -aes256 -in $fullzip -binary -outform DEM -out $fulldestination $keyfile
# Remove the temp file
shred -u $fullzip
notify-send -t 1000 -u low -i gtk-dialog-info "Secure backup completed: ${fulldestination}"
To make that work, you need Encryption keys, you can create yourself. A typical script to call the script above would look like this:
# !/bin/bash
############################################################################
# Save the Network connections from /etc/NetworkManager/system-connections
# in an SSL encrypted zip file
############################################################################
securesource=/etc/NetworkManager/system-connections
# Save one version per day
now=$(date +"%Y%m%d")
# Save one version per month
# now=$(date +"%Y%m")
zipfile=networkconnections_$now
secureloction=/home/user/allmyzips/
zipAndEncrypt $securesource $zipfile $secureloction
When you remove the decryption part (one time creation only, no update), you would only need to have access to the public key, which you could share, so someone else can provide you with a zip file encrypted just for you.
As usual: YMMV.
Posted by Stephan H Wissel on 13 August 2014 | Comments (0) | categories: Linux