RFC: Local encryption #16

CrackerJackMack opened this Issue Dec 18, 2012 · 1 comment


None yet
1 participant

CrackerJackMack commented Dec 18, 2012

locally encrypt the file contents before uploading it.

this creates some problems from a backup script perspective:

  • Sizes will be different
  • Checksums will be different

Since both absolutes are different we will always have to encrypt the file locally for comparison. This will result in much higher CPU load. Another option is to store the un-encrypted size/md5sum in the metadata of the object, but this will result in additional round trips to object storage.

What is the encryption key? Stored in config? Requested each run?



CrackerJackMack commented Jun 25, 2013

In thinking about this more and more I find that this would be overly complex for a backup script. Honestly, using eCryptFS seems a much more suitable solution and backing up the encrypted directory instead of managing remote key pairs and and handling file size differences on any scale.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment