This project is dead. The next version of keychain backup is now here: https://github.com/thinklearndo/keychain_backup_pi.
Improvements:
- Much faster, 5 - 8 Megabytes a second.
- OLED LCD display with buttons for interacting with it, allowing for safe to remove USB interactions.
- Raspberry pi based, either 3 A+ or 3 B+.
Keychain backup is a simple device to create encrypted backups of your files that you take with you on your keychain! Think of it as an offsite backup of your important files that is always with you, with the added benefit of not having to pay monthly fees.
Here are some examples of how to use keychain backup. Personally, I have a Linux server that acts as a backup server. My important files from my other computers get backed up to it, then every night it backs up the changed files to the keychain backup. I have it scheduled to stop running the backup early in the morning, to make sure that the USB flash drive can be removed safely.
Another idea I had was to alternate USB flash drives. That would allow backups to run during the day without an extra backup server.
Q: Since I can't do "Safely Remove USB" on my USB drive, won't the filesystem on my USB drive get ruined?
A: It is designed to use the ext4 filesystem, which is very resilient. To prove that, I created a test system to mimic unexpectedly removing the USB drive. It tested 500+ removals and had no failures! You can read about it here.
JUN 16 2022 - Still a work in progress. These steps should work to get you set up but there may be bugs! John
Items needed:
1x printed out case - get it here
4x m2.5 5mm screws (for mounting the raspberry pi in the case)
3x cup hooks (I used 1.25" Hillman Cup hooks)
2x #8 2.5" screws (for mounting on the wall)
2x drywall screw holders (also for mounting on the wall)
Drill with 1/4" drill bit (for the drywall holder screw holes)
1x Raspberry Pi, setup to connect to your wifi + its power stuff
USB Drive formatted with EXT4 for backing up to.
- Place the Raspberry Pi in the case and screw it in with the 4x m2.5 screws.
- Screw in the cup hooks to the bottom of the case.
- Using the case as a guide, drill out 1/4" holes and mount the case with the 2x #8 screws.
- Plug in the power stuff for the Raspberry Pi and let it turn on.
- Plug in your USB drive.
PLEASE NOTE: This will delete all data on your USB drive!
- Remote into the Raspberry Pi using SSH and install cryptsetup: `sudo apt update` and `sudo apt install cryptsetup`
- Find the device name for your USB drive: run `mount` and make note of the `/dev/sdX` that represents your USB drive.
- Run fdisk on that device: `fdisk /dev/sdX`
- Delete everything on there: type `d` and press enter, then `n` and press enter, and accept all the defaults. Then type `w` and press enter.
- Then set up encryption on that partition: run `cryptsetup luksFormat /dev/sdX1`, accept the warning by typing in an uppercase `YES` and press enter.
- Enter a password for this encrypted partition, don't forget it!
- Once that finishes, make a directory to mount the encrypted device at: `sudo mkdir /mnt/container`
- Create a key to mount the container on boot: `sudo dd if=/dev/random bs=32 count=1 of=/root/lukskey`
- Add that key to your encrypted container: `sudo cryptsetup luksAddKey /dev/sdX1 /root/lukskey`. Enter the container password you set up.
- Get the UUID for your encrypted partition: run `sudo blkid` and find the UUID associated with your encrypted container; you'll need this to set up crypttab.
- Edit your `/etc/crypttab` file with your favorite editor and add this: `container UUID=<uuid from previous step> /root/lukskey luks`, then save and exit.
- Edit your `/etc/fstab` file with your favorite editor and add this: `/dev/mapper/container /mnt/container ext4 defaults,nofail,x-systemd.automount 0 0`, then save and exit.
- Reboot and verify that the USB drive is automatically mounted on `/mnt/container`
At this point the Raspberry Pi is set up to automatically mount the encrypted USB device when it is plugged in. Next, set up your backup software to back up to the USB device. A howto will be coming shortly!
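A read-only check of the result of the steps above, as an added example that is not part of the original project: it confirms that the `container` line in crypttab names the device by UUID and points at a key file, that the key file holds at least 32 bytes and is not accessible to group or others, and that the fstab line carries `nofail`. The function names are made up for this example, and the permission check is an extra; the steps above do not set a mode on `/root/lukskey`.

```shell
#!/bin/sh
# Added example (not project code): audit the unlock-on-boot configuration.
# File paths are arguments so the checks can be tried on copies first.
# On the Pi, as root: audit /etc/crypttab /etc/fstab container

# Succeeds only if the key file exists, holds at least 32 bytes (the size
# written by the dd step) and grants nothing to group or others.
check_keyfile() {
    [ -f "$1" ] || { echo "key file missing: $1"; return 1; }
    # Unquoted on purpose: drops any padding some wc builds print.
    [ $(wc -c < "$1") -ge 32 ] || { echo "key file under 32 bytes: $1"; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "key file accessible beyond its owner: $1"; return 1; }
}

# Prints the key file path (field 3) of the crypttab entry named $2 in $1.
# Fails if the entry is absent, not addressed by UUID, or lacks "luks".
crypttab_keyfile() {
    awk -v name="$2" '
        $1 == name && $2 ~ /^UUID=/ && $4 ~ /(^|,)luks(,|$)/ { print $3; found = 1 }
        END { exit !found }' "$1"
}

# Succeeds if fstab file $1 mounts /dev/mapper/$2 with the nofail option,
# so a boot without the USB drive plugged in is not treated as a failure.
fstab_has_nofail() {
    awk -v dev="/dev/mapper/$2" '
        $1 == dev && $4 ~ /(^|,)nofail(,|$)/ { found = 1 }
        END { exit !found }' "$1"
}

# audit <crypttab> <fstab> <mapping name>
audit() {
    key=$(crypttab_keyfile "$1" "$3") ||
        { echo "no usable crypttab entry for $3"; return 1; }
    check_keyfile "$key" || return 1
    fstab_has_nofail "$2" "$3" ||
        { echo "fstab entry for $3 lacks nofail"; return 1; }
    echo "ok: $3 unlocks from $key"
}
```

If the key file check fails, `sudo chmod 600 /root/lukskey` restricts it to root.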
- Place the circuit board on the case and screw in the 4 m3 screws.
- Screw in the hooks into the diamond holes on the bottom of the case.
- Insert the Omega2+ into the headers on the circuit board.
- To mount the device on the wall, drill two 1/4" holes, using the case as a guide. Insert the blue drywall hangers into the holes. Then use the provided silver screws to screw the case to the wall.
- Insert the USB drive into the USB port. NOTE: The initial setup will erase all files on the USB drive!
- Plug in the micro USB connector on the circuit board, then insert the other end into the power brick and plug it in to power on the device.
- Go through Omega setup, https://docs.onion.io/omega2-docs/first-time-setup.html
- Start the Setup app. Get it here!
- Enter the Omega2+'s IP address.
- Set a new SSH password for the Omega2+.
- Set the password that will be used for the encrypted storage container.
- If you want to use Syncthing, click advanced, then make sure the Install Syncthing checkbox is checked.
- Click setup device.
- You will need to click the warning button about all files being deleted from the USB drive.
- Once setup finishes, the encrypted storage container will be mounted at /tmp/container on the Omega2+.
With the keychain backup device set up, next is setting up a backup program to back up to it. Any backup program that can send data to an SSH host should be able to work with keychain backup. Here's an example using a free, open source program
Keychain Backup now supports Syncthing! For info on setting it up, check out the Syncthing Documentation!
While this is a cool backup device, there are some limitations to be aware of. It's mostly designed to be used as a cold storage type device, where data is backed up to it that isn't changing often.
- Backup speed is not fast. The fastest I've been able to back up data to it is about 1GB in 15 minutes. Assuming 1GB every 15 minutes, if the device is plugged in overnight for 8 hours, it could back up 32GB.
- It's backing up to a solid state USB device. Backing up constantly changing data will probably shorten the lifetime of the USB device.
- The encryption key is stored on the device on your wall. If someone gets access to it, they will be able to decrypt all the data on the USB device. The encryption is designed to prevent some random person from viewing your photos and it probably won't stop someone who is determined to get access to it.
For information on recovering files from the USB drive, see this document.
You will need nodejs and npm installed.
Install electron-packager: `npm install --save-dev electron-packager`
Then to build it for Windows: `npx electron-packager manageApp/ keybackupmanager --platform=win32 --arch=x64`