[OpenIndiana-discuss] Sending our zpool offsite using encrypted USB HDDs
Thorsten Heit
thorsten.heit at vkb.de
Wed Aug 29 08:37:21 UTC 2012
Hi,
> Reliability is assured, so you can sleep peacefully. Send streams are
> AFAIK checksummed too, so no need to worry about your bits getting
> corrupted on the way. Anyway, you can always just use something like GPG
> which hashes the encrypted output by default and checks integrity on
> decryption, something like this:
>
> # zfs send fs at snapshot | gpg -c --cipher-algo AES --digest-algo SHA512 >
> /media/usb/stream.gpg
I'd recommend to compress the stream before encryption. It not only
contains the plain data, but also lots of (compressable) metadata. I.e.
# zfs send fs at snapshot | bzip2 -z -c | gpg -c --cipher-algo AES
--digest-algo SHA512 > /media/usb/stream.gpg
HTH
Thorsten
More information about the OpenIndiana-discuss
mailing list