Duplicacy change encryption password
12/23/2023

- Duply - A shell front end for duplicity. It manages backup job settings in profiles and allows batch execution of commands.
- Deja Dup - Simple backup tool that hides the complexity of backing up the Right Way and uses duplicity as the backend.

To back up the local folder /home/me to the remote location /usr/backup on host other.host through the scp/ssh protocol, use:

    $ duplicity /home/me

The first time this command is run, it will create a full backup. Running the exact same command again causes an incremental backup to the existing backup repository.

Additional command-line options allow you to:

- include or exclude specific files and directories from the backup (using shell patterns or regular expressions).
- fine-tune encryption and signing of the backups.

To restore the local folder /home/me to the state of the last snapshot saved in the remote repository /usr/backup on host other.host, do:

Note the reversed ordering of the arguments compared to the backup command above. The URL argument is always treated as the backup repository, and the local path argument as the directory to sync with the backup. (A local backup repository would need to be explicitly specified using the file:// protocol prefix!)

Additional command-line options exist to:

- restore a specific file instead of the whole repository.
- restore file(s) to the state they had on a specific date, rather than to the most recent available snapshot.

Repository inspection and house-keeping

Some additional command-line options exist for comparing the repository state to the state of the local files, and for deleting old snapshots so as to keep only a fixed number of snapshots or only those newer than a given date.

    # Uses separate encryption and signing keys
    # Requires duplicity and gpg-agent with the keys and passphrases loaded as root.
    # Keychain is used to source the ssh-agent keys when running from a cron job
    type -P keychain &>/dev/null || " gpg-agent >/dev/null 2>&1 then
    eval "$(cut -d= -f1 -detach-sign test-gpg.txt
    dest="scp:////backups/homeserver"

If you get gpg errors revolving around "inappropriate ioctl for device", it most likely has to do with changes to the gpg agent behavior from gpg version 2.1 up. Generally speaking, one needs to explicitly allow programs to provide the passphrase to gpg agent instead of prompting the user. The steps to remediate this issue are outlined in GnuPG#Unattended passphrase.

Duplicacy with RSA Encryption

Starting from version 2.3.0, you can initialize a storage with an RSA public key. Backups can be created as usual, but to restore files you'll need to provide the corresponding private key.

Initialization

You can run these commands to generate the private and public key pair:

    openssl genrsa -aes256 -out private.pem 2048
    openssl rsa -in private.pem -pubout -out public.pem

To initialize a new encrypted storage with the RSA encryption enabled, run the following command:

    $ duplicacy init -e -key public.pem repository_id storage_url

The RSA encryption can only be enabled if the storage is encrypted (by the -e option). The RSA public key, along with other configuration parameters, will be stored in the file named config which is then uploaded to the storage. You can verify if the RSA encryption is turned on by running the info command in the following way:

No extra option is needed when you run the backup command. You'll see a log message that says RSA encryption is enabled.

Note that when the RSA encryption is enabled, only file contents are encrypted by the RSA encryption. File metadata, such as modification times, permissions, and extended attributes, is not protected by the RSA encryption (but is still protected by the storage password).

To restore you'll need the RSA private key:

    $ duplicacy restore -r 1 -key private.pem

Other commands that take the RSA private key are list, check, cat, diff, and copy.

For the check command, you'll only need the RSA private key with the -files option, which is used to verify the integrity of every file.

You can run the check and prune commands without the RSA private key to manage backups encrypted with the RSA public key.

If you want to switch to the RSA encryption for an existing storage, you can create a new encrypted storage with the RSA encryption enabled and then copy existing backups to the new storage:

    duplicacy add -e -key public.pem -copy default new_storage_name repository_id new_storage_url
    duplicacy copy -from default -to new_storage_name

Vice versa, you can copy from an RSA encrypted storage to a new storage without RSA encryption:

    duplicacy add -e -copy default new_storage_name repository_id new_storage_url
    duplicacy copy -key private.pem -from default -to new_storage_name
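An added example (not from the Duplicacy documentation): a pre-flight check for the key pair produced by the openssl commands above, to run before public.pem is passed to duplicacy init, because every later restore depends on holding a private key that really matches it. The function names and the KEYPASS environment variable (holding the private-key passphrase) are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check an RSA key pair before using it for backups.
# Assumption: the private-key passphrase is supplied in the KEYPASS
# environment variable so that openssl never prompts.

# Succeeds only if the private key file ($1) is passphrase-protected.
# Covers both PEM layouts openssl genrsa -aes256 can produce.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Prints the RSA modulus of the private key ($1), unlocked with $KEYPASS.
private_modulus() {
    openssl rsa -in "$1" -passin env:KEYPASS -noout -modulus 2>/dev/null
}

# Prints the RSA modulus of the public key ($1).
public_modulus() {
    openssl rsa -pubin -in "$1" -noout -modulus 2>/dev/null
}

# check_keypair PRIVATE PUBLIC
#   0 = private key is protected and matches the public key
#   1 = private key is stored without a passphrase
#   2 = private key cannot be read (wrong passphrase or damaged file)
#   3 = public key cannot be read or belongs to a different private key
check_keypair() {
    key_is_encrypted "$1" || return 1
    priv=$(private_modulus "$1") || return 2
    [ -n "$priv" ] || return 2
    pub=$(public_modulus "$2") || return 3
    [ "$priv" = "$pub" ] || return 3
    return 0
}

# Stand-alone use: sh check_keys.sh private.pem public.pem
if [ "$#" -eq 2 ]; then
    check_keypair "$1" "$2"
    rc=$?
    echo "check_keypair exit status: $rc"
    exit "$rc"
fi
```

A non-zero status means the pair should not be used for a new storage until the problem is resolved.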