I am trying to encrypt our tape backups using tar and openssl, but also write to a local file. So far I have:
tar --total -czp ./tmp ./home | tee /tmp/Archive.tar.gz | tee > /dev/nst0
I'm not sure if this is the correct tee syntax but it works, because
tar -tzvf /dev/nst0
and
tar -tzvf /tmp/Archive.tar.gz
give the correct results.
However, if I try to add encryption using openssl:
tar --total -czp ./tmp ./home | openssl aes-256-cbc -e -salt -pass file:/encrp_file | tee /tmp/Archive.tar.gz | tee > /dev/nst0
I get:
tee: standard output: Invalid argument
tee: write error
I assume that there is something in the output from openssl that is causing a problem for tee when it writes to the tape, because the file is created properly and if I remove the output to tee and just send it to the tape it also works.
Any suggestions?
Best Answer
These are the relevant lines from my home backup script:
You can just create the backup files and copy them to tape later with
And there are plenty of other possible combinations. I'm using Blowfish Encryption, looks like you're wanting AES, but that's easy to swap out. I know others commonly use GPG instead of OpenSSL. It's also possible to set up asymmetric keys (AES or DSS) to generate a unique session key and prepend that to the file stream, but this is quite a bit more complicated, and makes parsing the encrypted file more complicated as well. But it's very useful for environments where the backup will be shipped off site and you don't want people onsite to be able to tamper with the backups.
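The session-key scheme mentioned in the answer above, as an added example that is not part of the original answer: a random per-run key encrypts the tar stream, and that key is encrypted to an RSA public key and prepended to the output. The function names, the fixed 256-byte header and the use of `-pbkdf2` (OpenSSL 1.1.1 or later) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original answer). Archive layout is an assumption:
#   [256-byte RSA-2048-wrapped session key][openssl enc AES-256-CBC stream]
WRAPPED_LEN=256

# make_keypair <priv.pem> <pub.pem>: run once, away from the backup host.
make_keypair() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null &&
    openssl pkey -in "$1" -pubout -out "$2"
}

# backup_encrypt <pub.pem> <out-file> <paths...>: needs only the public key.
backup_encrypt() {
    pub=$1; out=$2; shift 2
    tmp=$(mktemp -d) || return 1
    ( umask 077
      # Fresh random session key for this run, used as the openssl enc passphrase.
      openssl rand -hex 32 > "$tmp/session.key" &&
      openssl pkeyutl -encrypt -pubin -inkey "$pub" \
          -pkeyopt rsa_padding_mode:oaep \
          -in "$tmp/session.key" -out "$tmp/wrapped.bin" &&
      { cat "$tmp/wrapped.bin"      # header: wrapped session key
        tar -czpf - "$@" |
          openssl enc -aes-256-cbc -salt -pbkdf2 -pass "file:$tmp/session.key"
      } > "$out" )
    rc=$?
    rm -rf "$tmp"                   # plaintext session key does not outlive the run
    return "$rc"
}

# backup_list <priv.pem> <archive>: run where the private key is kept.
backup_list() {
    priv=$1; arc=$2
    tmp=$(mktemp -d) || return 1
    ( umask 077
      head -c "$WRAPPED_LEN" "$arc" > "$tmp/wrapped.bin" &&
      openssl pkeyutl -decrypt -inkey "$priv" \
          -pkeyopt rsa_padding_mode:oaep \
          -in "$tmp/wrapped.bin" -out "$tmp/session.key" &&
      tail -c +"$((WRAPPED_LEN + 1))" "$arc" |
        openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$tmp/session.key" |
        tar -tzf - )
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

`openssl enc` in CBC mode does not authenticate the ciphertext, so detecting tampering needs a separate signature or HMAC over the archive.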