CrackerJackMack
commented
11 years ago In thinking about this more and more I find that this would be overly complex for a backup script. Honestly, using eCryptFS seems a much more suitable solution and backing up the encrypted directory instead of managing remote key pairs and and handling file size differences on any scale.
locally encrypt the file contents before uploading it.
this creates some problems from a backup script perspective:
Since both absolutes are different we will always have to encrypt the file locally for comparison. This will result in much higher CPU load. Another option is to store the un-encrypted size/md5sum in the metadata of the object, but this will result in additional round trips to object storage.
What is the encryption key? Stored in config? Requested each run?
Thoughts/Concerns?