Now Hiring: Are you a driven and motivated 1st Line DevOps Support Engineer?

Secure Backup with Duplicity and PGP in Ubuntu 20.04 LTS

Digital data security padlock with binary code
Uncategorized

Secure Backup with Duplicity and PGP in Ubuntu 20.04 LTS

In this article, we are going to learn to take secure backup using Duplicity and PGP. Backup is being encrypted with a single key pair and we will restore it with that encrypted key or key-id.

Duplicity is a software utility that helps to take an encrypted backup using PGP (Pretty Good Privacy), that creates digitally signed, versioned, local, or remote backup of files. Duplicity also supports many protocols like SSH/SCP, Rsync, FTP, DropBox, Amazon S3, Google Docs, Google Drive, local file system, One Drive, and many more.

Prerequisites

  • We need two servers with Ubuntu 20.04.
    a. Host Server
    b. Backup Server
  • Root privileges

Step 1: Checking Duplicity version

First, we have to check if the duplicity utility is installed or not by using this command.

$ duplicity -V

Output

$ duplicity 0.8.12

Note: if duplicity is not installed on your system, then you have to follow these commands.

Step to Install Duplicity

1.1 First Install PHP libraries
$ sudo apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev
1.2 Install Duplicity Utility
$ sudo apt-get install duplicity -y

Step 3: Generate a GPG key to encrypt data

We will generate a GPG key for encrypting our data it will provide us an additional layer of security for our backups run the following command to create your PGP or GPG key. When you are creating a key it will ask some details like passphrase, email, your name, e.t.c.

$ gpg --gen-key

Output

pub   rsa3072 2021-04-29 [SC] [expires: 2023-04-29]        FA860C210B50D18623C19A59D895F0A0D894CA36  (this is your public key or ID)  uid           [ultimate] Test key test@yahoo.com  sub   rsa3072 2021-04-29 [E] [expires: 2023-04-29]

Note: Remember the passphrase you entered at the time of creating the key..

Step 4: Verifying Key

It will list down all the created GPG keys.

$   gpg --list-keys

Step 5: Create a backup directory on the backup server

It will have the all encrypted files which we will backup.

$ mkdir backup

Step 6: Perform Backup manually

We will use duplicity here to perform encrypted backup manually here we will provide our GPG key id to encrypt our backup with GPG key and also give a source file path and destination file path with the backup server IP address.

$ duplicity  --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 /test_files/  sftp://root@(server-ip-address)//home/ubuntu/backup.

Note: when you are performing a backup it will ask a passphrase remember the passphrase.

Output

Local and Remote metadata are synchronized, no sync needed.
 Last full backup left a partial set, restarting.
 Last full backup date: may 4 12:06:52 2020
 RESTART: The first volume failed to upload before termination.
          Restart is impossible…starting backup from beginning.
 Local and Remote metadata are synchronized, no sync needed.
 Last full backup date: none
 No signatures found, switching to full backup.
 --------------[ Backup Statistics ]--------------
 StartTime 1596110992.57 (Thu Jul 30 12:09:52 2020)
 EndTime 1596111062.63 (Thu Jul 30 12:11:02 2020)
 ElapsedTime 70.06 (1 minute 10.06 seconds)
 SourceFiles 13313
 SourceFileSize 777994890 (742 MB)
 NewFiles 13313
 NewFileSize 777994890 (742 MB)
 DeletedFiles 0
 ChangedFiles 0
 ChangedFileSize 0 (0 bytes)
 ChangedDeltaSize 0 (0 bytes)
 DeltaEntries 13313
 RawDeltaSize 772067520 (736 MB)
 TotalDestinationSizeChange 318263295 (304 MB)
 Errors 0

Step 7: Verify the backup

By this command we can verify our backups is created or not it will give us all the details regarding to backup files or directories.

$   duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 collection-status  sftp://ubuntu@(server-ip-address)//home/ubuntu/backup/

Step 8: Verify all the backed up files are there or not

It will show all the backed up files from the backup server where you can verify the files by there name and size.

$  duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 list-current-files  sftp://ubuntu@(server-ip-address)//home/ubuntu/backup/| less

Step 9: Restore your backup files or directory

If you want to restore some file or folder so you can restore it by using these switches –file-to-restore and the give the file name which you want to restore.

$  duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36 --file-to-restore (file name) sftp://ubuntu@(server-ip-address)//home/ubuntu/backup

Note: It will restore a single file or a directory only this command will not restore full backup.

Step 10: Restore complete backup

It will restore all the backup which will be in the backup folder regarding directories and other files.

$ duplicity --encrypt-key FA860C210B50D18623C19A59D895F0A0D894CA36  sftp://ubuntu@//path_of_the_backup_directory.

Leave your thought here

Your email address will not be published. Required fields are marked *