The Cloud (aka another dude’s computer) is a great place to backup your data, files and make your life easier and your technical resources more accessible. It can also be extremely dangerous if you don’t take steps to protect your privacy. Here’s one way to securely handle data and file backups to the Cloud on Linux/UNIX like computers.
I’ve written a small Python tool which will do this for you, calling the GNU tar utility to archive the data/directories you want backed up and GPG to encrypt them. They are then copied to a local location and dated, with the intention that the local destination is some kind of networked Cloud share like a Dropbox, Google Drive or similar backed mount.
How it Works
You’ll need to have GPG setup on your system already, I won’t cover this here but there are great guides available on the web.
Find the keyID(s) that you’d like to be able to open the files, it will be in a format like below, note the string 07BC7E81 – that’s the GPG KeyID we are encrypting it for in our example.
gpg --list-keys firstname.lastname@example.org pub 1024D/07BC7E81 2008-08-18 uid Will Foster <email@example.com> uid Will Foster <firstname.lastname@example.org> sub 2048g/E3886BC8 2008-08-18
Get the Program
curl https://raw.githubusercontent.com/sadsfae/misc-scripts/master/python/backup-file.py \ > backup-file.py && chmod +x backup-file.py
Run the Program
–recipient = Your target GPG KeyID e.g. 07BC7E81
— data = What you want to backup (dir, files)
— backup = Local location to back things up (could be Google Drive, Dropbox, Amazon S3, etc)
— verbose = on/off, optional
# python backup-file.py --recipient 07BC7E81 --data ~/Templates --backup Dropbox/backup/ --backupname Templates_backup --verbose on verbosity turned on Recipient: 07BC7E81 Data: /home/wfoster/Templates Backup To: Dropbox/backup/ Backup Name: Templates_backup-201508081351 tar: Removing leading `/' from member names /home/wfoster/Templates/ /home/wfoster/Templates/Presentation Backgrounds/ /home/wfoster/Templates/Presentation Backgrounds/summitblue.otp /home/wfoster/Templates/groupuinames.xml
Our target data is both archived and encrypted and only the KeyID(s) you specified can open it!.
The location in –backup can be a mounted Google Drive, Dropbox or some other remote Cloud storage provider. Certainly you don’t trust a 3rd party with your sensitive data do you? Good, we didn’t think so and lucky for you it’s encrypted.
# file Dropbox/backup/Templates_backup-201508081351.tar.gz.gpg Dropbox/backup/Templates_backup-201508081351.tar.gz.gpg: GPG encrypted data
- insync is a CLI Google Drive client for Linux
- I’ve also used grive2 for Google Drive with success on Ubuntu-based distributions
- Dropbox also has a native Linux client
- Amazon S3 using S3FS works well also
Another option is to commit your backups to a remote git repository.
I would suggest something like Bitbucket over Github as it offers free private repositories whereas Github charges you for private repos. You certainly don’t want others able to clone your encrypted data and attack it locally, or store it and wait for some kind of GPG exploit to show up.
Here’s the Github code.