Monday, 11 June 2007

Backup to an Encrypted Disk

For external backup, I got a nice encrypted disk setup. Well, I don't know about "nice", but it works and it's easy enough for me to use. Basically, I took an old 80GB IDE drive, bought a cheap ($15 cdn) external drive enclosure, setup a LUKS/dm-crypt partition on it, an ext filesystem on that, and away we go!

The drive enclosure is basically just a tin shell you stuff the drive into with two plugs (one for power, one for USB), a switch, and an LED. That's it. Once the drive is in there, flip it on, then hook it up to the computer. This turns out to be very important, on my workstation, if I connected it to the computer, then flipped it on, Linux would spew some cryptic error in dmesg and then ignore the drive. I had to have the drive on and ready before plugging it in to the computer. Quirks aside, I basically have an 80GB USB drive. Very nice.

So for setting up drive encryption, I roughly followed this. And by roughly followed, I meant that I didn't recompile my kernel (how very 1999), I just loaded the aes and dm-crypt modules and then in the last step, I used the correct syntax for closing the device (cryptsetup luksClose <name>, not luksClose /dev/mapper/<name>).

Basicallly, setting up the drive encryption was easy:
  1. Wipe the drive (with random data),

  2. create a partition,

  3. run cryptsetup luksSetup on the partition to create the encrypted volume,

  4. initialize the encrypted volume with cryptsetup luksOpen,

  5. create the file system,

  6. mount the file system and enjoy!



Well, okay, it's hardly like boiling water, but once it is setup, it is slightly easier. Before mounting the drive, you just run cryptsetup luksOpen and after unmounting the drive, it is cryptsetup luksClose.

So the last question is: How slow is it? Well, not to put too fine a finger on it, but it's fucking slow. The initial rsync to local un-encrypted disk as mentioned in my earlier post takes about an hour. The rsync to the encrypted disk? Well, I don't know but it was over eight hours, less then fourteen hours. So it appears roughly an order of magnitude slower. Fortunately, not bad since I'm only going to be doing it once a month or so. An hour is okay, but man, I wouldn't want to be doing it on a larger volume.

But there you have it. Encrypted external backups for $15.

No comments:

Post a Comment

Popular Posts