Includes 2 Python scripts: one encrypts the mongodump and files, the other downloads the encrypted files and verifies the signature. These scripts are meant to be used with cron.
niko 692a1fa88f updated README 2019-11-18 14:41:48 +01:00
README.txt updated README 2019-11-18 14:41:48 +01:00
backup-files.sh initial commit 2019-11-11 15:18:23 +01:00
backup-mongo.sh initial commit 2019-11-11 15:18:23 +01:00
download.py initial commit 2019-11-11 15:18:23 +01:00
encrypt.py initial commit 2019-11-11 15:18:23 +01:00

README.txt




#
#   INSTALLATION SERVERSIDE
#

- copy encrypt.py, backup-mongo.sh and backup-files.sh to the server, into the /root folder
- edit the files so they are configured correctly (don't commit sensitive data)
- set up the root crontab using the command `crontab -e` (as root) - add the following lines:

0 4 * * * /root/backup-mongo.sh
30 4 * * * /root/backup-files.sh





#
#   INSTALLATION CLIENTSIDE
#

- download any time (add cronjob ?) with following syntax:

python3 ./src/download.py \
    --server <ip/domain> \
    --username <ssh user> \
    --key-filename <ssh private key> \
    --server-path <path to download from> \
    --local-path <local target path> \
    --report-to <http url for reporting> \
    --report-token <secret to verify authority> \
    --gpg-recipient <gpg id to verify>






#
#   DECRYPT LOCALLY
#   (tested on debian 9)
#

- disable internet connection
- get private gpg key

- import gpg key
	gpg --import private.key
	gpg --import public.key

- find key id (40-character hex string)
	gpg --list-keys

- trust key (do you trust key storage/transport medium?)
	gpg --edit-key <key-id>
	trust
	5
	y

- install recursive-decrypt package
	sudo apt install signing-party

- add imported key as default key
	insert <key-id> in appropriate place in ~/.gpgdirrc

- decrypt recursively with `gpgdir` (if it fails for a file, the file is probably corrupt anyway - delete it and run the decrypt command again)
	gpgdir -d ./path/to/downloads

- delete gpg keys (very important!)
	gpg --delete-secret-key <key id>
	gpg --delete-key <key id>
	delete public and private key files
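
Added example (not part of this repository): a check to run after the key deletion step, confirming that neither the secret nor the public key is still in the local keyring. The function names and the SAMPLE listing are constructed for illustration; the parser reads the `gpg --with-colons` listing format.

```python
import subprocess
import sys

# Constructed sample of `gpg --list-secret-keys --with-colons` output (not a real key).
SAMPLE = """\
sec:u:4096:1:89ABCDEF01234567:1573400000:::u:::scESC:::+:::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1573400000::::Backup Key (constructed) <backup@example.invalid>::::::::::0:
ssb:u:4096:1:76543210FEDCBA98:1573400000::::::e:::+:::23:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:
"""

def primary_fingerprints(colon_listing):
    """Map fingerprint -> 'pub' or 'sec' for every primary key in the listing."""
    found, pending = {}, None
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] in ("pub", "sec"):
            pending = fields[0]      # the next fpr record belongs to this primary key
        elif fields[0] in ("sub", "ssb"):
            pending = None           # the next fpr record belongs to a subkey
        elif fields[0] == "fpr" and pending and len(fields) > 9:
            found[fields[9].upper()] = pending   # field 10 holds the fingerprint
            pending = None
    return found

def leftover_keys(colon_listing, key_id):
    """Return 'type:fingerprint' for each primary key still matching key_id."""
    wanted = key_id.replace(" ", "").upper()
    return ["{}:{}".format(kind, fpr)
            for fpr, kind in primary_fingerprints(colon_listing).items()
            if wanted and fpr.endswith(wanted)]  # accepts fingerprint or long key id

def check_keyring(key_id):
    """Look for secret and public copies of key_id in the local gpg keyring."""
    leftovers = []
    for listing in ("--list-secret-keys", "--list-keys"):
        out = subprocess.run(
            ["gpg", "--batch", "--with-colons", "--fingerprint", listing],
            stdout=subprocess.PIPE, universal_newlines=True, check=True).stdout
        leftovers += leftover_keys(out, key_id)
    return leftovers

if __name__ == "__main__":
    remaining = check_keyring(sys.argv[1])
    for entry in remaining:
        print("still in keyring:", entry)
    sys.exit(1 if remaining else 0)
```

Run it with the key id as the only argument; exit status 0 means no matching key is left in the keyring. It does not check whether the exported key files themselves were deleted.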







#
# if something does not work, please contact n@nikobojs.com
#