Includes 2 python scripts: - Encrypt mongodump + files - Download encrypted files and verify signature These scripts are meant to be used with cron
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
niko 692a1fa88f updated README 4 years ago
README.txt updated README 4 years ago initial commit 4 years ago initial commit 4 years ago initial commit 4 years ago initial commit 4 years ago



- copy, and to server in /root folder
- edit files so they are configured correctly (dont commit sensitive data)
- set up root crontab using command `crontab -e` (as root) - add following lines:

0 4 * * * /root/
30 4 * * * /root/


- download any time (add cronjob ?) with following syntax:

python3 ./src/ \
--server <ip/domain> \
--username <ssh user> \
--key-filename <ssh private key> \
--server-path <path to download from> \
--local-path <local target path> \
--report-to <http url for reporting> \
--report-token <secret to verify authority> \
--gpg-recipient <gpg id to verify>

# (tested on debian 9)

- disable internet connection
- get private gpg key

- import gpg key
gpg --import private.key
gpg --import public.key

- find key id (40 length hex string)
gpg --list-keys

- trust key (do you trust key storage/transport medium?)
gpg --edit-key <key-id>

- install recursive-decrypt package
sudo apt install signing-party

- add imported key as default key
insert <key-id> in appropriate place in ~/.gpgdirrc

- decrypt recursively with `gpgdir` (if it fails for a file, the file is probably corrupt anyways - delete it and rin decrypt command again)
gpgdir -d ./path/to/downloads

- delete gpg keys (very important!)
gpg --delete-secret-key <key id>
gpg --delete-key <key id>
delete public and private key files

# if something does not work, please contact