Comments on: Duplicity + Amazon S3 = incremental encrypted remote backup http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/ Tim McCormack, distilled. Wed, 08 Oct 2008 02:42:54 +0000 http://wordpress.org/?v=2.6 By: brian baggett dot com » Ubuntu Roundup: backups, encryption, and what’s new http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-24420 brian baggett dot com » Ubuntu Roundup: backups, encryption, and what’s new Mon, 04 Feb 2008 02:15:42 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-24420 [...] Incremental (and encrypted) backups for your filesystem to Amazon’s S3 with duplicity. Read more here and here. [...] [...] Incremental (and encrypted) backups for your filesystem to Amazon’s S3 with duplicity. Read more here and here. [...]

]]> By: Tim McCormack http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-21978 Tim McCormack Thu, 10 Jan 2008 03:56:22 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-21978 @David: I Googled "InvalidAccessKeyId" and found a couple of threads that indicate that it is a sporadic error on Amazon's side. @David: I Googled "InvalidAccessKeyId" and found a couple of threads that indicate that it is a sporadic error on Amazon's side.

]]> By: David http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-18808 David Sat, 08 Dec 2007 20:46:17 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-18808 Getting the following message: No signatures found, switching to full backup. Traceback (most recent call last): File "/usr/bin/duplicity", line 425, in if __name__ == "__main__": with_tempdir(main) File "/usr/bin/duplicity", line 421, in with_tempdir fn() File "/usr/bin/duplicity", line 414, in main if not sig_chain: full_backup(col_stats) File "/usr/bin/duplicity", line 150, in full_backup bytes_written = write_multivol("full", tarblock_iter, globals.backend) File "/usr/bin/duplicity", line 94, in write_multivol backend.put(tdp, dest_filename) File "/usr/lib/python2.5/site-packages/duplicity/backends.py", line 724, in put self.bucket = self.conn.create_bucket(self.bucket_name) File "/usr/lib/python2.5/site-packages/boto/s3/connection.py", line 103, in create_bucket raise S3ResponseError(response.status, response.reason, body) boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden <Code>InvalidAccessKeyId</Code>The AWS Access Key Id you provided does not exist in our records.D87F724E05EC9FADID18Z1BSNQWF5XCTYWC3R2CuO/qHmT4X1SluELB6qD9K7mZnacGbRDP0ou8btTqu3vKk63EMkkjzbjdoR+FUnX Even though I am using correct ID and Secret Key Any ideas Getting the following message:
No signatures found, switching to full backup.
Traceback (most recent call last):
File "/usr/bin/duplicity", line 425, in
if __name__ == "__main__": with_tempdir(main)
File "/usr/bin/duplicity", line 421, in with_tempdir
fn()
File "/usr/bin/duplicity", line 414, in main
if not sig_chain: full_backup(col_stats)
File "/usr/bin/duplicity", line 150, in full_backup
bytes_written = write_multivol("full", tarblock_iter, globals.backend)
File "/usr/bin/duplicity", line 94, in write_multivol
backend.put(tdp, dest_filename)
File "/usr/lib/python2.5/site-packages/duplicity/backends.py", line 724, in put
self.bucket = self.conn.create_bucket(self.bucket_name)
File "/usr/lib/python2.5/site-packages/boto/s3/connection.py", line 103, in create_bucket
raise S3ResponseError(response.status, response.reason, body)
boto.exception.S3ResponseError: S3ResponseError: 403 Forbidden

InvalidAccessKeyIdThe AWS Access Key Id you provided does not exist in our records.D87F724E05EC9FADID18Z1BSNQWF5XCTYWC3R2CuO/qHmT4X1SluELB6qD9K7mZnacGbRDP0ou8btTqu3vKk63EMkkjzbjdoR+FUnX

Even though I am using correct ID and Secret Key

Any ideas

]]> By: randy http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17719 randy Fri, 16 Nov 2007 01:02:27 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17719 It would also keep it private from anyone sniffing the network traffic as well. And this key is soley for the backup. I suppose one could blowfish the passphrase, store the encrypted string in a configuration file, write a small C/C++ application with the blowfish enryption/decryption key hard coded in the source and call that form the shell script. export PASSPHRASE=$(/usr/local/bin/gpg-passphrase-fetcher) Heck, you might as well write a C/C++ (or anyother compiled language) wrapper script rather than use the shell. I've implimented other security measures to keep my server private and safe. If someone breaks in and gets access to my gpg passphrase located in one root owned file, my data sitting on S3 is the least of my worries. It would also keep it private from anyone sniffing the network traffic as well. And this key is soley for the backup.

I suppose one could blowfish the passphrase, store the encrypted string in a configuration file, write a small C/C++ application with the blowfish enryption/decryption key hard coded in the source and call that form the shell script.

export PASSPHRASE=$(/usr/local/bin/gpg-passphrase-fetcher)

Heck, you might as well write a C/C++ (or anyother compiled language) wrapper script rather than use the shell.

I've implimented other security measures to keep my server private and safe. If someone breaks in and gets access to my gpg passphrase located in one root owned file, my data sitting on S3 is the least of my worries.

]]> By: Tim McCormack http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17718 Tim McCormack Fri, 16 Nov 2007 00:23:59 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17718 @randy: That's... not quite optimal from a security standpoint. I suppose it's fine if you generate a key *just* for encrypting your S3 backup, and the only reason you are encrypting is to keep the data safe from rogue employees at Amazon. @randy: That's... not quite optimal from a security standpoint. I suppose it's fine if you generate a key *just* for encrypting your S3 backup, and the only reason you are encrypting is to keep the data safe from rogue employees at Amazon.

]]> By: randy http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17716 randy Fri, 16 Nov 2007 00:14:01 +0000 http://www.brainonfire.net/2007/08/11/remote-encrypted-backup-duplicity-amazon-s3/#comment-17716 You can export the PASSPHRASE environment variable in your script and avoid typing it in on the command line. GPG will read that. You can export the PASSPHRASE environment variable in your script and avoid typing it in on the command line. GPG will read that.

]]>