© Copyright Robert Vasvari, 1993-2009.
AASync Encoded/Encrypted Backup: cheap, simple to use and highly secure.
Requirements: Nothing beyond standard internet storage access: an FTP
or SFTP/SSH account.
Learning curve: minutes
Encoding: Put your files into an encoded format before uploading to the server.
Encryption: As an addition to archiving the file, also encrypt its contents.
Advantage: Just as fast and cheap as unencoded sync, but much more reliable, much less error-prone, and totally immune to differences between the client and server hosts and filesystems. Works reliably on any protocol, with no need to worry about filenames being illegal on the server, case sensitivity, or international file name encoding issues. These issues are responsible for 99% of the problems during backups. With the encoded backup sync, these become non-issues!
Disadvantage: This is for backup purposes only: the files CANNOT be used in the target location (for backups this is usually not a problem). The files have to be retrieved using AASync's built-in retrieve function before use on the local system. Encoded sync backups work great with or without encryption, giving you a lot of flexibility over the management of backup jobs, while still retaining the advantages of syncing over making full backups every time. Retrieving your data is very easy: a single click will get your data back from any AASync sync destination folder, local or remote. This also allows easy sharing of your data, since it is very easy to retrieve data from multiple locations.
Purpose: These days the various internet storage sites have really
proliferated for many good reasons: they are cheap and easy to access
from anywhere on Earth, using simple protocols like FTP or SFTP. They
offer reasonable amounts of disk space at a cheap price. There is one
problem though... For the data you store on these sites there is no
security whatsoever. As the old saying goes, there is NO security in
obscurity. There could be anything from break-ins and malicious operators
to simple mistakes by sysadmins that might expose your data to search
engines (this has happened before). Any of these could seriously compromise the
safety of your data, making these sites a lot less useful than they should be.
The Encoding: So, what does it mean, really? It means that your files are stored in an archive format, with each file's metadata (name, mod date, perms, etc.) stored inside the file. The point is that using this scheme, we can get around all of the limitations and problems arising from transferring files from one host to another.
For an unencoded backup sync there are many potential pitfalls that can prevent a successful
sync. First and foremost is file name incompatibility. For instance, on a Mac you can have a
file called aaa:bbb. This file cannot be transferred to an FTP server running Windows, because
there you cannot create a file with a : in the name. You can have spaces or accented characters in filenames that are either
illegal or translate differently on the remote destination host. Secondly, metadata such as
modification dates, permissions, etc. is trashed by most FTP servers, so when you retrieve these files from
the server, they will have lost that important metadata. There is also the length problem:
on some systems the maximum file path length is less than that of what you are trying to back up, and that can also cause your backup to fail.
For all these reasons we invented an encoding scheme that is highly optimized for synchronized file backups. Encoded sync is available only if your source is local, that is, for local-to-local or local-to-remote backups. Your files will be stored in an archived format, so they cannot be used on the remote host. This mode is for BACKUP ONLY. Should they be needed, the files can be easily retrieved/restored with a single click (see below).
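An illustration of the encoding idea described above, as an added example that is not AASync's code or its real file format: the container layout (`ENC1` tag, length-prefixed JSON header), the hashed server-side name and the function names are all assumptions made for this example. It shows how a name such as aaa:bbb, its permissions and its modification date can survive a server that supports none of them, and why the restore side has to treat the stored path as untrusted.

```python
import hashlib, json, os, struct

MAGIC = b"ENC1"  # constructed container tag, not AASync's real format

def safe_name(rel_path: str) -> str:
    """Server-side name: hex digits only, so it is legal on any filesystem."""
    return hashlib.sha256(rel_path.encode("utf-8")).hexdigest()[:32] + ".enc"

def encode(src_root: str, rel_path: str, dest_dir: str) -> str:
    """Wrap one file as: MAGIC | header length | JSON metadata | raw content."""
    src = os.path.join(src_root, rel_path)
    st = os.stat(src)
    header = json.dumps({"path": rel_path, "mtime_ns": st.st_mtime_ns,
                         "mode": st.st_mode & 0o7777, "size": st.st_size}).encode("utf-8")
    out = os.path.join(dest_dir, safe_name(rel_path))
    with open(src, "rb") as fin, open(out, "wb") as fout:
        fout.write(MAGIC + struct.pack(">I", len(header)) + header)
        for chunk in iter(lambda: fin.read(65536), b""):
            fout.write(chunk)
    return out

def decode(encoded: str, restore_root: str) -> str:
    """Restore the original name, content, permissions and modification time."""
    with open(encoded, "rb") as fin:
        if fin.read(4) != MAGIC:
            raise ValueError("not an encoded backup file")
        (hlen,) = struct.unpack(">I", fin.read(4))
        meta = json.loads(fin.read(hlen))
        data = fin.read()
    if len(data) != meta["size"]:
        raise ValueError("truncated or corrupted backup file")
    root = os.path.realpath(restore_root)
    target = os.path.realpath(os.path.join(root, meta["path"]))
    if os.path.commonpath([root, target]) != root:  # header came from the server: untrusted
        raise ValueError("stored path escapes the restore directory")
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fout:
        fout.write(data)
    os.chmod(target, meta["mode"])
    os.utime(target, ns=(meta["mtime_ns"], meta["mtime_ns"]))
    return target
```

Without encryption the header and content of such a container are readable and modifiable by whoever controls the storage, which is why the restore path is checked before anything is written.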
The Encrypt Option: The encoded backup explained above can be combined with
encrypting the contents of your files with a password you supply.
This way it is possible to make highly secure encrypted backups over FTP or
SFTP. The contents of the files are encrypted using industrial grade encryption
provided by OpenSSL. AASync's sync engine has been completely reworked
to accommodate this. Just like a standard sync, AASync will detect the
changes in the source directory and only copy the deltas to the remote
system, making the process very fast and efficient.
Retrieval: When the time comes to retrieve your sensitive data
from encoded/encrypted (or from any) storage, AASync makes this trivial: simply select the sync
definition, right click, then from the context menu
select "Retrieve Files from sync destination". AASync will retrieve/decode/decrypt your files,
restoring them to their original state (using the encrypt password if necessary). As of now, AASync will only retrieve the entire sync destination folder; you cannot pick individual files. If you have a retrieve directory set (on the Sync Modes tab) then the files will go there, otherwise into the default retrieve folder, which is HOME/Library/Application Support/AASync3/SYNC_ID/Retrieve.
Share Retrieval: It is very easy to share data sitting in an AASync sync destination folder. If it is on a server reachable on the internet, you or your friends can get to the data by simply defining a sync def on their own machine, where the destination location is the same and the source is anywhere on the friend's computer. If the sync is encrypted, the friend also has to know the encrypt password used when the data was sent up. He can click "retrieve" and that is it!
Tips: ORGANIZE YOUR WORK!! Spend a little time figuring out what it is you need to have backed up. Keeping your backups small will pay dividends in many different ways. The backup will go much faster and require less disk space on the server. Should you ever need it, retrieve will be much faster!! Think about what you need to encrypt because it is sensitive data, and do not encrypt data that is not sensitive. Use several smaller backup jobs instead of one big one. You can always schedule/chain them to execute one after another at the scheduled time.
Passwords: AASync uses two distinctly different kinds of passwords:
- Login Password: it is used to access your account on the remote host as a part of your SFTP or FTP login sequence. This password will never be used to encrypt the files.
- Encryption Password: This password is used ONLY to encrypt the contents of your files.
WARNING: If you used the encrypt option and you lose the encryption password, you will not be able to recover your files! AASync will store the encryption password on your keychain, where it is accessible using the Keychain Access App provided by Apple as a part of OS X. This is generally reliable, but it is possible to lose/overwrite the password on the keychain. Be sure that the encryption password is something you can remember easily, or have stored in some other location. AASync will never transmit your encryption password anywhere; encryption/decryption is always done locally.
Recommendations:
- MAKE SURE the encrypted backup is NOT the only copy you have of these files. Usually these files can safely
be stored at home; the purpose of the backup is to give you access to these files on the go, and to have a backup copy stored safely, protected from unauthorized access by others.
- Organize your files such that you separate the data that is really
sensitive to you: personal files, bank records, etc. Organization is
key to a successful backup strategy. These files usually aren't that
big, so encrypting them does not take a large performance toll on your
system and network connection.
- Try not to encrypt large files (like movies, etc) unless absolutely
necessary as those files may take a long time to encrypt.
Setup: It is very easy to set up an Encoded Backup Sync. Select New Sync, set the local source and the target (local or remote) folders, then switch to the sync mode tab and turn on Encoding/Encryption. Here you can set the Encryption Password and the retrieval directory (see above). If you have already set a default encryption password on AASync's Preferences Panel under the Encryption tab, then the password will be pre-filled for you.
Caveats:
- For local and FTP encrypted sync, files are encrypted
"on the fly" in small parts as they are being transferred. For
SFTP, however, files are encrypted as a whole before uploading. In
extreme cases (like if the file is really large and the user's home
partition has very little space left) this could cause the sync
process to fail.