Bug 4615 - encryption with rsync: using ssh's algorithms?
encryption with rsync: using ssh's algorithms?
Status: NEW
Product: rsync
Classification: Unclassified
Component: core
2.6.9
Other Linux
: P3 enhancement
: ---
Assigned To: Wayne Davison
Rsync QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-05-13 06:26 UTC by Felix Kater
Modified: 2015-03-04 16:53 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Kater 2007-05-13 06:26:52 UTC
For safe backups there is the need to keep the files on another (far) place. This comes with the disadvantage that you need trust that place (which is almoust a contradiction :-)

So, encryption of these files would help so that files are useless for the receiver.

Using rsync via ssh for far backups, this came to my mind: Since ssh as encryption built-in, couldn't it be possible to encrypt the files so that the spawned rsync process (receiving side) does not even decrypt the files but simply saves them? Possibly in the same directory structure.

This would have the advantage over all externally added encryption that rsync *itself* is informed about that, no need to extra decrypt on the receiving side to checksum etc.

Felix
Comment 1 Matthias 2015-03-02 19:54:54 UTC
This is probably not so easy, since the keys which are used for encryption during an SSH session are negotiated in advance to it, are unique for the session (used only once) and get discarded when the session terminates.
Up to my knowledge, rsync does not get in "contact" with the SSH layer, which it is making use of, meaning the session keys are not trivially accessible.

You might want to consider using losetup for transparent encryption, e.g.

 losetup /dev/loop1 backup.file -e aes512

Cheers,Matthias
Comment 2 Shachar Shemesh 2015-03-04 16:53:49 UTC
What you're asking for is currently possible with an external utility, called rsyncrypto (http://rsyncrypto.lingnu.com). It, in fact, does not require you to trust the server you're storing your backups on.