Encrypted Dropbox Backups

Data backups are probably one of the most annoying topics in the world of computers. Yet they are a necessity if you want to minimize your risk of data loss. There is tons of commercial products that do the job and probably more strategies employed than people living on earth.
So I just want to describe my approach and if someone comes across this I am happy to hear about your opinion in the comments!

I generally divide of all the files on my computer in three tiers:

  • Completely reproducible: Everything that is reproducible with low or no effort. For example all the stuff that comes with a Linux distro, binaries, etc.
    This tier obviously needs no backup.
  • Large non-reproducible files: Music, Pictures, Movies, etc. Everything that I want to keep but it’s too large to just keep it in a Dropbox folder or something comparable.
  • Small non-reproducible files: Mostly documents like invoices, CVs, config files. These files are small and thus easier to handle in terms of backup.

So with two different tiers of files that need backups I also have two different strategies that I use:

External hard drive Backups

I have a little one liner shell script that just calls rsync with a couple of parameters and creates a copy of all the files in my home folder. The files in the exclude list file are skipped, for example the “Downloads” folder where I generally have large stuff that I don’t really need lying around. Have a look at the script here.

There are two Problems with this approach:
First: It’s not technically a backup, it’s just a copy. A “real” backup has to be incremental, such that I could go back to any snapshot I ever took. With a copy if you ever damage an original file and run a backup that file is lost. But I decided that it is good enough for me.
Second: It’s not off site. It does not protect my data from a fire or a very thorough thieve who steals both my computer and the external hard drive.

Encrypted Dropbox Backups

Dropbox is a service that I guess many people use for file backup and it’s great and easy to use, but unfortunately in the post-Snowden era we have to assume that everything that is on Dropbox is readable for at least the US-Government agencies. If you properly encrypt your data before you send it to Dropbox however you’re good to go.
That is if we assume that the employed encryption algorithm is unbroken. If you followed the Snowden revelations you might feel uneasy to trust any kind of encryption, but just as Bruce Schneier says: I trust the mathematics.

So I wrote a little script that collects all those smaller files I want to backup, packs them into a tar-gzip archive with a time stamp in the filename, passes this to gpg, which uses the CAST5 Algorithm to encrypt the tar file using a user supplied password.
Finally, the encrypted file is moved to the Dropbox directory and thus automatically uploaded to Dropbox. Have a look at the script here.

I don’t have s strict rule when I execute those script, I just do it sometimes when I think of it, which obviously is not optimal and I will try to find a doable way of doing it more regularly.

So that’s it, please let me know what you think about this in the comments or describe your approach.

This entry was posted in Linux and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s