Encrypted offsite backup with EncFS, Amazon S3, and s3cmd

Source: sharph.net    Views: 1623


Submitted by yangyi on 2009-06-21 23:20:46


I’ve been using Jungle Disk to do offsite backups of my data. Jungle Disk uses Amazon’s cheap online storage service, Amazon S3, to host backups. (15 cents a gig per month!) I don’t like Jungle Disk because it’s not open source and because the app is a little clunky, at least on Linux. I recently found that s3cmd could do an rsync-like sync of a directory. That’s cool, but it doesn’t do encrypted backups like Jungle Disk did. In this post, I’ll demonstrate how to make an encrypted backup of locally unencrypted data using EncFS, Amazon S3, and s3cmd.

Enter EncFS. EncFS transparently encrypts files with AES from a FUSE mountpoint to a local directory. That means I could have an encrypted directory, like /home/user/encrypted, and an encfs mountpoint at /home/user/unencrypted. The unencrypted directory would contain all the plaintext (unencrypted) data, and the encrypted directory would contain a mirror of the unencrypted directory’s directory structure as well as all of the individual files, except that the file names and contents have been encrypted. (Note that this could be a disadvantage of EncFS depending on your needs: the files’ contents and names have been scrambled, but an attacker who has obtained your data while it is still encrypted can still see approximate file sizes, approximate file name lengths, the directory structure, and file attributes such as timestamps. Jungle Disk shares these disadvantages with its encryption.) More on EncFS here.

You might already see how EncFS can make it really easy to back up your encrypted data without any hassle, but what if you already have a ton of unencrypted files which you don’t care to encrypt on your local disk? Well, EncFS has a cool little “reverse” mode that lets you create an encrypted mountpoint from an unencrypted directory, suitable for rsyncing against, or in this case, for using s3cmd sync with.
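The whole round trip, as an added example that is not from the original post: mount a reverse EncFS view of the plaintext tree, check that the directory s3cmd is about to upload really is an EncFS mount (so a failed mount never sends an empty tree, or leftover plaintext, offsite), sync it, and unmount. It assumes s3cmd has already been configured (see the next section), the paths /home/user/unencrypted and /home/user/encrypted from the post, and a placeholder bucket name. The `fuse.encfs` filesystem type in /proc/mounts is how a running encfs mount shows up on Linux.

```shell
#!/bin/sh
# Added example, not the post's own script. Assumed defaults below; override
# with environment variables (PLAIN=... CIPHER=... BUCKET=... sh backup.sh sync).
PLAIN="${PLAIN:-/home/user/unencrypted}"
CIPHER="${CIPHER:-/home/user/encrypted}"
BUCKET="${BUCKET:-s3://my-unique-backup-bucket/backup/}"   # placeholder bucket

# is_encfs_mount MOUNTS_FILE DIR
# Succeeds only when DIR is listed in MOUNTS_FILE (normally /proc/mounts) as a
# mount of type fuse.encfs. Trailing slashes are ignored. (Paths containing
# spaces appear escaped as \040 in /proc/mounts and are not handled here.)
is_encfs_mount() {
    awk -v mp="${2%/}" \
        '$2 == mp && $3 == "fuse.encfs" { found = 1 } END { exit !found }' "$1"
}

# sync_backup: reverse-mount the plaintext tree, verify, upload, unmount.
sync_backup() {
    mkdir -p "$CIPHER"
    # --reverse: PLAIN is the source, CIPHER becomes the ciphertext view.
    # encfs prompts for the volume password; use --extpass for unattended runs.
    encfs --reverse "$PLAIN" "$CIPHER" || return 1
    # Unmount on exit, including when s3cmd is interrupted half-way.
    trap 'fusermount -u "$CIPHER"' EXIT INT TERM

    # Guard: never hand s3cmd a directory that is not the live EncFS view.
    if ! is_encfs_mount /proc/mounts "$CIPHER"; then
        echo "refusing to sync: $CIPHER is not an EncFS mount" >&2
        return 1
    fi

    # Trailing slash: sync the contents of the view, not the directory itself.
    # --delete-removed mirrors local deletions to the bucket.
    s3cmd sync --delete-removed "$CIPHER/" "$BUCKET"
}

case "${1:-}" in
    sync) sync_backup ;;
    "")   : ;;                                  # no command: just define functions
    *)    echo "usage: $0 sync" >&2; exit 2 ;;
esac
```

Run it as `sh backup.sh sync`. Restoring works the other way round: `s3cmd sync` the bucket back into a local directory and mount that directory with a normal (non-reverse) encfs using the same password and the volume's .encfs6.xml config file, which you must keep a copy of alongside the password.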

How to do it

Before you get started, you have to have an Amazon S3 account. You can sign up here if you’re not signed up already. You should also have a modern Linux distro with FUSE, as well as encfs and the s3cmd utility. Now let’s go to a terminal and configure s3cmd:

sharp@blue:~$ s3cmd --configure

Enter new values or accept defaults in brackets with Enter.
Refer to user manual for detailed description of all options.

Access key and Secret key are your identifiers for Amazon S3
Access Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Secret Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Encryption password is used to protect your files from reading
by unauthorized persons while in transfer to S3
Encryption password: (just hit enter, if you want)
Path to GPG program [/usr/bin/gpg]: (hit enter)

When using secure HTTPS protocol all communication with Amazon S3
servers is protected from 3rd party eavesdropping. This method is
slower than plain HTTP and can't be used if you're behind a proxy
Use HTTPS protocol [No]: Yes

New settings:
  Access Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  Secret Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  Encryption password:
  Path to GPG program: /usr/bin/gpg
  Use HTTPS protocol: True
  HTTP Proxy server name:
  HTTP Proxy server port: 0

Test access with supplied credentials? [Y/n] y
Please wait...
Success. Your access key and secret key worked fine :-) 


Now verifying that encryption works...
Not configured. Never mind.

Save settings? [y/N] y
Configuration saved to '/home/sharp/.s3cfg'

You may have noticed my access key and secret key blocked out with Xs. These are unique to your account and can be found at this page. Now that s3cmd is configured and working, we can make a bucket to keep our backup. (You can keep multiple backups per bucket.) Keep in mind that bucket names are global: nobody else on S3 may be using the same bucket name, so you’ll have to pick one that’s unique. This is because lots of S3 users make whatever content is in their buckets public (although the default is to keep it private). So let’s create our bucket:

......


Original link: http://sharph.net/2008/12/encryp...