NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Can NetBSD cgd be used for encrypted backup?
On Sun, Jun 11, 2017 at 09:27:25PM +0530, Mayuresh wrote:
> On Sun, Jun 11, 2017 at 04:32:02PM +0200, Kamil Rytarowski wrote:
> > > - Can the native cgd of NetBSD be used for the purpose of encrypted
> > > backup? Basically can I mount such filesystem in a way that it shows
> > > encrypted files?
> > >
> >
> > I use cgd(4) devices for encrypted backup.
>
> Ok, you mean, I can mount it such that it shows encrypted files?
cgd is an encrypted disk, not a file system. I encrypts/decrypts disk
blocks when reading/writing, it does not know about files at all.
I have used cgd for remote encrypted backups in the past:
- remote offers a "partition" as iscsi device
- via iscsi the remote partition shows up as (say) sd0 on my machine
- I (locally) configure cgd to use sd0c (or sd0d)
- all crypto setup stays local, remote has no way to decrypt the data
- when doing a backup I bring up iscsi, configure cgd, mount the cgd
disk and rsync all changes over, then unconfigre cgd and disconnect
iscssi
In my case it was a company setup, I had to comply with "need to have
automatic backups at *this* facility" policy, but I did not trust admis
at that facility. I kept a printout of the cgd setup in a off-site safe.
There are certainly various other ways to do something similar.
Martin
Home |
Main Index |
Thread Index |
Old Index