Solved

Secure Backup software with asymmetric encryption RSA, openSSL

Posted on 2014-09-23
6
406 Views
Last Modified: 2014-12-08
Hi,
I need backup solution/software to backup data on usb keys and secure it with public key,
asymmetric  encryption.
I know how to create public/private key, how to encrypt/decrypt single file.
But I dont know how to make script than can encrypt folder with multiple files and move encrypted files  to another location.

Platform is Windows 8

thanks
0
Comment
Question by:Maddogslo
  • 3
  • 2
6 Comments
 
LVL 63

Expert Comment

by:btan
ID: 40340566
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40341914
Best not to - seriously.

Your best bet is to use whole disk encryption on the usb device - PGP sell a version of WDE that uses RSA keys, (actually, pgp keys, so other algos supported) - although symmetric keys are fine for that provided you keep them unique - and once mounted, you can just drag files onto there, and indeed treat the usb drive as you would any other usb device (with the only real difference being once dismounted, the usb will be unreadable without the key to re-mount it)
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40341926
btan's suggestion of 7z is a good one though. while 7z doesn't use asymmetric keys, you could easily write a simple text file to hold a randomly generated symmetric key, use the symmetric key to encrypt an entire directory structure into an archive (optionally hiding the file names) then encrypt the text file with the hybrid scheme of your choice (ssl, pgp, whatever)
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 63

Expert Comment

by:btan
ID: 40341939
indeed manual backup is not going to be very operationally friendly and if script failed - will script be smart enough to recover, and alert instead of skipping and left files not protected yet copy over...too many permutation for own scripting. It is always best to have some sort of NAS / SAN encryption where possible, but cost is a deterrence. However, we cannot be penny wise pound foolish.

...even bitlocker is already some sort of disk encryption and you can identify data volume (if that is the place to store the backup copies. Other similar approach using encrypted volume where a partition is assigned to be encrypted and eventually back it up (there is secure container from truecryp and axcrypt), likewise if it is VM based then it is a file by itself

 ... the incremental and differential backup is challenging for both
0
 

Author Comment

by:Maddogslo
ID: 40341982
We have IronKey USB S250 16GB.

Ironkey is great product, weak point is backup, which is secured/encrypted with user password and can be brute forced.
We need asymmetric encryption, with public 4096 bit key

I used this command OpenSSL to encrypt file, with asymmetric encryption I get problem to decrypt files they are larger then 800MB
smime  -encrypt -aes256  -in archive.zip  -binary  -outform DEM  -out  archive_encrypted.zip  main_public.pem

decrypt command for OpenSSL
smime -decrypt  -in  archive_encrypted.zip  -binary -inform DEM -inkey main_private.pem  -out  arcive_decrypted.zip

I need script or some guidance how:
-  to encrypt  files (all files in selected folders)
-  then compact encrypted files (7zip)
-  then transfer files to NAS (we use Synology)
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40342281
well, first you want to compress THEN encrypt - encrypted data is not compressible.

but if you look at your own command examples, you will find you are using AES@256 bit for your encryption, and protecting only the key with RSA.  If your script does this explicitly (using "7z a -p" and a pseudorandomly generated password) you then have the simpler task of how to use RSA to protect a short pw string.

you can of course just use "7z a" to create an unencrypted archive then encrypt that archive with openssl (using the command you posted) but you then need sufficient staging space to stage the backup before you can encrypt it. with "7z a -p" you could encrypt and write the 7z archive directly to the nas in a single operation, then just need to securely transfer the password and you are done - and that can even be added into the same 7z archive after it is created, to give you a single-file backup - for that you would be more likely to use rsautl (rather than smime) and supply the password on stdin, with output being to something like <backup-datestamp>.key - which you than use "7z a" (without -p, obviously) to append to your existing backup 7z file. no staging space needed, no certificate needed (you just need the public key) and only decryptable with the aid of the private key (which you will then need to keep very safe :)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
The article will include the best Data Recovery Tools along with their Features, Capabilities, and their Download Links. Hope you’ll enjoy it and will choose the one as required by you.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question