[CentOS] Asymmetric encryption for very large tar file

Thu Dec 18 17:02:17 UTC 2014
Les Mikesell <lesmikesell at gmail.com>

On Thu, Dec 18, 2014 at 10:41 AM, wwp <subscript at free.fr> wrote:
>>
>> I would rather work on single files or tars on directory basis. Using a
>> single big file creates a very "large" single point of failure.
>> Or use an encrypted file system (of course, also a single point of
>> failure, but probably better handling).
>
> The bad points with using an encrypted fs maybe in the OT case, is that
> to move the encrypted file to somewhere else, you need to move the
> hardware containing the fs :-(.

Which might be as simple as swapping a USB key or portable drive.

> Also, it doesn't allow changing the
> encryption key very often. I think an encrypted fs addresses other
> security/confidentiality issues, but then the OT should be more precise
> about his needs/the context.

Yes, how the backup copies will be managed after encryption would have
a lot to do with picking the most convenient approach.  One thing that
would be possible on an encrypted file system would be using a backup
approach that stores multiple copies, de-dupinng unchanged files as
you can do with rsync, rdiff-backup, backuppc, etc.  Those can only
work if the software involved sees the unencrypted files.

-- 
   Les Mikesell
      lesmikesell at gmail.com