Secure Backup with Duplicity and PGP in Ubuntu 20.04 LTS
Secure Backup with Duplicity and PGP in Ubuntu 20.04 LTS
devops
In this article, we are going to learn to take secure backup using Duplicity and PGP. Backup is being encrypted with a single key pair and we will restore it with that encrypted key or key-id.
Duplicity is a software utility that helps to take an encrypted backup using PGP (Pretty Good Privacy), that creates digitally signed, versioned, local, or remote backup of files. Duplicity also supports many protocols like SSH/SCP, Rsync, FTP, DropBox, Amazon S3, Google Docs, Google Drive, local file system, One Drive, and many more.
Prerequisites
- We need two servers with Ubuntu 20.04.
a. Host Server
b. Backup Server - Root privileges
Step 1: Checking Duplicity version
First, we have to check if the duplicity utility is installed or not by using this command.
$ duplicity -V
Output
$ duplicity 0.8.12
Note: if duplicity is not installed on your system, then you have to follow these commands.
Step to Install Duplicity
1.1 First Install PHP libraries
$ sudo apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev
1.2 Install Duplicity Utility
$ sudo apt-get install duplicity -y
Step 3: Generate a GPG key to encrypt data
We will generate a GPG key for encrypting our data it will provide us an additional layer of security for our backups run the following command to create your PGP or GPG key. When you are creating a key it will ask some details like passphrase, email, your name, e.t.c.
$ gpg --gen-key
Output
pub rsa3072 2021-04-29 [SC] [expires: 2023-04-29] FA860C210B50D18623C19A59D895F0A0D894CA36 (this is your public key or ID) uid [ultimate] Test key test@yahoo.com sub rsa3072 2021-04-29 [E] [expires: 2023-04-29]
Note: Remember the passphrase you entered at the time of creating the key.
Step 4: Verifying Key
It will list down all the created GPG keys.
$ gpg --list-keys
Step 5: Create a backup directory on the backup server
It will have the all encrypted files which we will backup.
$ mkdir backup
Step 6: Perform Backup manually
We will use duplicity here to perform encrypted backup manually here we will provide our GPG key id to encrypt our backup with GPG key and also give a source file path and destination file path with the backup server IP address.
$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 /test_files/ sftp://root@(server-ip-address)//home/ubuntu/backup.
Note: when you are performing a backup it will ask a passphrase remember the passphrase.
Output
Local and Remote metadata are synchronized, no sync needed.
Last full backup left a partial set, restarting.
Last full backup date: may 4 12:06:52 2020
RESTART: The first volume failed to upload before termination.
Restart is impossible…starting backup from beginning.
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1596110992.57 (Thu Jul 30 12:09:52 2020)
EndTime 1596111062.63 (Thu Jul 30 12:11:02 2020)
ElapsedTime 70.06 (1 minute 10.06 seconds)
SourceFiles 13313
SourceFileSize 777994890 (742 MB)
NewFiles 13313
NewFileSize 777994890 (742 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 13313
RawDeltaSize 772067520 (736 MB)
TotalDestinationSizeChange 318263295 (304 MB)
Errors 0
Step 7: Verify the backup
By this command we can verify our backups is created or not it will give us all the details regarding to backup files or directories.
$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 collection-status sftp://ubuntu@(server-ip-address)//home/ubuntu/backup/
Step 8: Verify all the backed up files are there or not
It will show all the backed up files from the backup server where you can verify the files by there name and size.
$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 list-current-files sftp://ubuntu@(server-ip-address)//home/ubuntu/backup/| less
Step 9: Restore your backup files or directory
If you want to restore some file or folder so you can restore it by using these switches –file-to-restore and the give the file name which you want to restore.
$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 --file-to-restore (file name) sftp://ubuntu@(server-ip-address)//home/ubuntu/backup
Note: It will restore a single file or a directory only this command will not restore full backup.
Step 10: Restore complete backup
It will restore all the backup which will be in the backup folder regarding directories and other files.
$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 sftp://ubuntu@//path_of_the_backup_directory.
Comments (6)
Mark
Thanks for your blog, nice to read. Do not stop.
Code Herb
What remarkable phrase
Virtual Local Numbers
Quite right! I like this idea, I completely with you agree.
viagra from canada
Wonderful blog! Do you have any tips and
hints for aspiring writers? I’m planning to start my own site soon but
I’m a little lost on everything. Would you advise starting with a free
platform like WordPress or go for a paid option? There are so many choices out
there that I’m completely confused .. Any suggestions? Appreciate
it!
drugstore online
There is certainly a great deal to learn about this issue.
I love all of the points you’ve made.
buy erectile dysfunction pills
That is very attention-grabbing, You’re an overly professional
blogger. I’ve joined your feed and sit up for in search of extra of your magnificent
post. Additionally, I have shared your web site in my social
networks
Comments are closed.