Hi guys:
I've been trying to find information about how to encrypt a backup to tape (I'm using a couple of simple commands: tar, find | backup), I didn't find a real example of how to do that, just a couple of white papers and information about the methods that use the backup, policies, etc.
I don't know also if there's a free-cost solution and the solutions presented has the problem that I need an intermediate server (for example using TKM Tivoli Key Manager), so in a case of a real recovery I will need this server for restoration. I don't want a complex solution, since I only have one tape drive (and one backup), I just need to encrypt one tape and have a simple solution to restore it in another site (without the fear that if the tape is stolen, somebody could restore).
Does exists a solution like that? Any recommendations will be welcome.
Make sure you have the secret key stored securely and you are able to recover that by another method, i.e. not from the tape you just encrypted it on to.
Don't laugh, but I've been on a recovery test where we had to connect back to the live servers to get the key. Not great seeing as we were pretending that we'd had an incident meaning all our live servers were dead.
backup is one thing, but making sure you can restore is quite another - and rather useful to prove.
Thanks for your suggestions guys, I found this alternative once and works very well, the problem is that tar supports files under 2GB, and the filesystems backed up with restore are very, very big (some files more than 200GB) I did a test once with openssl and simply doesn't works.
Also since encryption add time to encrypt using another tool, maybe it's time to consider something native like IBM tape encryption solution or more.
Thanks anyway, I'd like to keep open this post and I'll be posting the advance.
You can try pax, the Posix tar.
It still has restrictions regarding the length of a file name.
E.g. dirpath <= 150 characters and filepath <= 100 characters.
But no restrictions on UIDs or file size.
A comparison:
Create archive on stdin:
List archive from stdin:
Extract archive from stdin:
A test run:
tells about these and more options.
This User Gave Thanks to MadeInGermany For This Post:
Thanks for your suggestions guys, I found this alternative once and works very well, the problem is that tar supports files under 2GB, and the filesystems backed up with restore are very, very big (some files more than 200GB) I did a test once with openssl and simply doesn't works.
Understood. But notice that in Neos method every piece has a certain, distinct role:
Quote:
Originally Posted by Neo
From this it follows that you just have to change the component which doesn't do its job according to specification - in this case the tar - and everything else can be left the same. Take any program that:
- can cope with 200GB-files
- doesn't create a file but can be told to write to stdout (like tar f -)
and you are good to plug that in instead of tar. pax, as suggested by MadeInGermany is such a program, but you surely can find others too. This is why creating software in small, distinct pieces instead of one big kludge is such a great idea. If the process above would have been done in one complex program you can either take that or leave it completely. Now you just change the one component and are again ready to go.
Hi all,
I'm looking for secure file encryption tools that use MAC address as encryption key. FYI, I'm using Red Hat Enterprise Linux OS.
For example: when A wants to send file to B
A will encrypt the file with B's computer MAC/IP address as an encryption key
This file can only be decrypted... (2 Replies)
I am trying to use this command to eject the tape
mt -f /dev/rmt/0 unload
but it gives me error
mt -f /dev/rmt/0 unload
mt: 0511-575 unload is not a recognized subcommand.
Usage: mt Subcommand
Valid subcommands are:
weof
eof
fsf
bsf
... (5 Replies)
I am using a 4mm tape to backup my Unix system. However, I wanted to make a copy all of the files and archive headers (or just the archive headers if that's possible) created on one of my tapes to another 4mm tape. I only have one tape drive. Is there a command that will complete such task? ... (1 Reply)
Hello,
We need to make a copy of a backup tape, using the 2 tape recorders in IBM 3582 Tape Library
We tried tu use "tcopy", it seems to work fine (no error messages) but we aren't sure if we can rely on it.
my question is how to check if the copy succeded or not, but i also want to know... (3 Replies)
when I do a tape status /dev/rStp0 I get the following on a new tape and I have tried several:
Status : ready beginning-of-tape
soft errors : 0
hard errors: 2
underruns: 5
My BackupEdge has stopped backing up my system because it asks for a new volume yet my total system data is under 20... (5 Replies)
Hi there: I'm new here
Can anyone help me:
I have DS15 Alpha server : Unix 5.1B
Now i need to connect a DLVT VS80 1U Rackmount Tape Drive unit.
What is the exact comman to mount the DLTape IV??
How do i make backuo @ copy file to the tape?
Thanx to all (0 Replies)
Hi,
I' using a sun solaris server, I would like to known if there is the possibility to control how many space is free on a tape and how I can delete a single file on a tape.
Thanks
DOMENICO (3 Replies)
My dilemma,
I need to send, deemed confidential, information via e-mail (SMTP). This information is sitting as a file on AIX. Typically I can send this data as a e-mail attachment via what we term a "mail filter" using telnet. I now would like to somehow encrypt the data and send it to a e-mail... (1 Reply)