WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Use encrypted backup  (Read 7035 times)

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Use encrypted backup
« on: April 27, 2012, 02:31:28 AM »
Hi,

I couldn't get encrypted backup to work. Can someone help?

I first added protect to the boot code. Then I use bcrypt to encrypt the mydata.tgz before rebooting. I used the same password after rebooting, but files were not extracted. Any hint please?


Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
Re: Use encrypted backup
« Reply #1 on: April 27, 2012, 04:34:38 AM »
hi friend,

your password is used with quotes,
that means, if you use the word secret as your password, the protected mode uses "secret",
the password in quotes for the encryption.
i mentioned this subject a couple of times in the forum...
it's so easy to misunderstand the process the backup is encrypted and confuses especially novice users.

http://forum.tinycorelinux.net/index.php/topic,12455.msg67387.html#msg67387
http://forum.tinycorelinux.net/index.php/topic,12351.msg66580.html#msg66580

have fun to encrypt and decrypt your files!
« Last Edit: April 27, 2012, 02:23:25 PM by netnomad »

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #2 on: April 28, 2012, 12:39:31 PM »
It is not the intended use to manually encrypt the backup. It is done automagically by use of the boot code.
10+ Years Contributing to Linux Open Source Projects.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #3 on: April 29, 2012, 12:36:23 AM »
hi friend,

your password is used with quotes,
that means, if you use the word secret as your password, the protected mode uses "secret",
the password in quotes for the encryption.
i mentioned this subject a couple of times in the forum...
it's so easy to misunderstand the process the backup is encrypted and confuses especially novice users.

http://forum.tinycorelinux.net/index.php/topic,12455.msg67387.html#msg67387
http://forum.tinycorelinux.net/index.php/topic,12351.msg66580.html#msg66580

have fun to encrypt and decrypt your files!

Thanks a lot netnomad.

However, it didn't work.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #4 on: April 29, 2012, 12:38:33 AM »
It is not the intended use to manually encrypt the backup. It is done automagically by use of the boot code.

Thanks Robert,

I specified protect in the boot code and a password was input. However, filetool.sh -b wouldn't create an encrypted backup. Is there something I am missing?

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #5 on: April 29, 2012, 01:38:19 PM »
Upon initial use of "protect" it will not find any backup file via automatic scanning. One must use the "restore" boot option.

If starting new then upon normal shutdown or backup the backup file will be encrypted.

However, if you already have an existing backup, mydata.tgz, then, of course, "protect" will not load it.
Therefore you must manually load it via:

$ sudo tar -C / -zxvf /path/to/mydata.tgz

Then upon shutdown/backup it will be encrypted.
Subsquent booting and shutdown will work as expected and the restore boot option is no longer required.
10+ Years Contributing to Linux Open Source Projects.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #6 on: April 29, 2012, 08:27:41 PM »
Thanks Robert,

I use boot Core Linux from a USB disk. Here is my menu.lst for GRUB:

Code: [Select]
default 0
timeout 10

title Core Linux
kernel /tcl/vmlinuz tce=UUID=01503e74-9aae-40cb-96f0-8164b891c652 waitusb=3 restore=UUID=01503e74-9aae-40cb-96f0-8164b891c652 tz=MST7MDT,M3.2.0,M11.1.0 kmap=dvorak/ANSI-dvorak host=foo.bar text cron protect
initrd /tcl/core.gz
boot

I was asked to input password twice after kmaps was loaded. Then, a clean system showed up since I moved mydata.tgz (and since it wouldn't be loaded anyway). I ran filetool.sh -b but the resulted archive is not encrypted. I tried to move option protect right after /vmlinuz but it didn't help. Does it have something to be with the way I specify restore (using UUID)?

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #7 on: April 29, 2012, 08:35:19 PM »
Try filetool.sh -b sdxy

where xy are what your uuid maps to.
10+ Years Contributing to Linux Open Source Projects.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #8 on: April 30, 2012, 12:10:37 PM »
Hi Robert,

Thanks. I used filetool.sh -b sdc1 and mydata.tgz was generated. Is there some temporary file which saves encryption configuration I can look into?

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #9 on: April 30, 2012, 12:30:55 PM »
First using the uuid did not play into the protect backup. What happens is when you have an existing mydata.tgz and you use the protect boot code, it will not find the encrypted backup, mydata.tgz.bfe, as it has not been created yet. Because the system did not find it /etc/sysconfig/backup_device never gets set. That is why filetool.sh -b did not work and required the extra parameter.

« Last Edit: April 30, 2012, 12:43:40 PM by roberts »
10+ Years Contributing to Linux Open Source Projects.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #10 on: April 30, 2012, 01:20:48 PM »
Thanks Robert,

But filetool.sh -b sdc1 only generated a mydata.tgz, not mydata.tgz.bfe.

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #11 on: April 30, 2012, 04:11:11 PM »
Not able to reproduce. I use encrypted backup on some of my machines. Check /etc/sysconfig/bfe and showbootcodes before filetool.sh command. filetool.sh has a test for the existence of /etc/sysconfig/bfe in order to perform the encryption.
10+ Years Contributing to Linux Open Source Projects.

Offline Xianwen Chen

  • Full Member
  • ***
  • Posts: 142
Re: Use encrypted backup
« Reply #12 on: April 30, 2012, 04:56:34 PM »
Thanks Robert,

/etc/sysconfig/bfe is missing when protect is specified. Can it be because UUID was specified other than sdxy, start-up script cannot generate /etc/sysconfig/bfe?

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #13 on: April 30, 2012, 07:48:12 PM »
I think the answer you seek is the comments at the beginning of the filetool.sh
Code: [Select]
# Added ideas from WDef for invalid device check and removal of bfe password upon failure
The failure to restore caused the removal. Not the use of UUID.

This could be improved. I wil look to do so.
10+ Years Contributing to Linux Open Source Projects.

Offline roberts

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 7361
  • Founder Emeritus
Re: Use encrypted backup
« Reply #14 on: May 02, 2012, 03:04:03 AM »
Good. UUID or LABEL should be no problem when used with "protect".

After looking at the code and the mod to remove bfe upon failure, I have determined that the failure should not happen when no initial mydata.tgz.bfe exists. The removal was suggested as a security feature. But then it overly complicates when first trying to use "protect". I am adjusting filetool.sh so that initial use will be easier to use.

Thanks for feedback.
10+ Years Contributing to Linux Open Source Projects.