• Stars
    star
    301
  • Rank 138,451 (Top 3 %)
  • Language
    Python
  • License
    Other
  • Created about 4 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

nFreezer is an encrypted-at-rest backup tool.

nFreezer

nFreezer (for encrypted freezer) is an encrypted-at-rest backup tool, designed specifically for the case when the destination server is untrusted. With nFreezer, the data is safe on the destination server even if a malicious user gets root access to it.
Use case: you can store your private data on a friend's computer, or on a remote server on which you never had physical access and that you don't fully trust.

Features

  • encrypted-at-rest: the data is encrypted locally (using AES), then transits encrypted, and stays encrypted on the destination server. The destination server never gets the encryption key, the data is never decrypted on the destination server.

  • incremental and resumable: if the data is already there on the remote server, it won't be resent during the next sync. If the sync is interrupted in the middle, it will continue where it stopped (last non-fully-uploaded file). Deleted or modified files in the meantime will of course be detected.

  • image graceful file moves/renames/data duplication handling: if you move /path/to/10GB_file to /anotherpath/subdir/10GB_file_renamed, no data will be re-transferred over the network.

    This is supported by some other sync programs, but very rarely in encrypted-at-rest mode.

    Technical sidenote: the SHA256 hashes of the unencrypted files are stored encrypted on the destination (phew!). Thus, no SHA256 hash could be accessed (to get information about your data) in the event of a breach on the destination server.

  • stateless: no local database of the files present on destination is kept. Drawback: this means that if the destination already contains 100,000 files, the local computer needs to download the remote filelist (~15MB) before starting a new sync; but this is acceptable for me.

  • does not need to be installed on remote: no binary needs to be installed on remote, no SSH "execute commands" on the remote, only SFTP is used

  • single .py file project: you can read and audit the full source code by looking at nfreezer.py, which is currently < 300 lines of code.

Installation

You need Python 3.6+, and to do:

pip install nfreezer

and that's all.

(An alternative installation method is to install the requirements with pip install pysftp pycryptodome and just copy the single file nfreezer.py where you want to use it.)

Usage

Backup to a remote server

import nfreezer
nfreezer.backup(src='test/', dest='[email protected]:/test/', sftppwd='pwd', encryptionpwd='strongpassword')

or, from command-line:

nfreezer backup test/ [email protected]:/test/          # Linux
nfreezer backup "D:\My docs\" [email protected]:/test/  # Windows

Restore from a backup

import nfreezer
nfreezer.restore(src='[email protected]:/test/', dest='restored/', sftppwd='pwd', encryptionpwd='strongpassword')

or, from command-line:

nfreezer restore [email protected]:/test/ restored/

Alternatively, if you prefer, you can also copy the remote backuped files (encrypted-at-rest) to a local directory backup_copied/ and restore with nFreezer from this local directory:

nfreezer restore backup_copied/ restored/

Comparison

These are the key points that were important for me, and that's why I coded this tool, but I totally agree it's subjective, and one could easily make a similar table with all the boxes checked for another program and none for mine.

Not handling renames gracefully (and thus retransfer data over the network again and again) was a no-go for me because I often move or rename directories containing multimedia projects with gigabytes of data.

- nFreezer Rsync Rclone Syncthing Duplicity
encrypted-at-rest âš« âš«
(Crypt)
⚪
(experimental)
âš«
no local database âš« âš« âš« ?
no install needed on remote âš« âš« ?
handles renames gracefully âš« (surprisingly,
no)
(not with Crypt) âš«

Contribution

In order to keep the small-single-file requirement and because maintaining and merging code is a demanding task, this project currently does not accept pull requests.

However, Github issues, including snippets of code, are welcome.

Development

This software is in the early stages of its distribution, at the time of writing (Nov. 2020), so use it at your own risk, and please don't use it for data for which you don't have other backup.

Author

Joseph Ernest

Sponsors and consulting

I am available for Python, Data science, ML, Automation consulting. Please contact me on https://afewthingz.com for freelancing requests.

Do you want to support the development of my open-source projects? Please contact me!

I am currently sponsored by CodeSigningStore.com. Thank you to them for providing a DigiCert Code Signing Certificate and supporting open source software.

License

MIT with free-of-charge-redistribution clause, see the LICENSE file.

More Repositories

1

writing

Writing is a lightweight distraction-free text editor, in the browser (Markdown and LaTeX supported).
JavaScript
1,031
star
2

bigpicture.js

bigpicture.js is a Javascript library that allows infinite panning and infinite zooming in HTML pages.
JavaScript
809
star
3

SamplerBox

SamplerBox is a sampler musical instrument based on RaspberryPi.
Python
416
star
4

Yopp

A very fast way to transfer a file from phone to computer and vice versa.
PHP
400
star
5

talktalktalk

TalkTalkTalk is an easy-installable small chat room, with chat history.
HTML
251
star
6

Swap

Swap.js is a "HTML-over-the-wire" AJAX-navigation micro-library
PHP
232
star
7

void

Void is a blogging platform.
PHP
193
star
8

TinyAnalytics

TinyAnalytics is a lightweight analytics tool (unique visitors count, etc.)
PHP
148
star
9

AReallyBigPage

Collaborative whiteboard based on bigpicture.js
HTML
42
star
10

EasyVolcaSample

Easy upload .wav files to Korg Volca Sample!
C
25
star
11

impulseresponse.py

Get a reverb impulse response (IR) from a frequency sweep
Python
21
star
12

bloggggg

bloggggg is a blogging platform.
PHP
13
star
13

sdfgh

"sdfgh", an encrypted notepad in ~65 lines of Python. Read the code, trust it (or not), and use it (or not)!
Python
11
star
14

RaspFIP

Ecouter la radio FIP avec un Raspberry Pi (sans écran ni clavier). Une seule action à faire : Power On !
9
star
15

0Doc

Documentation made simple.
JavaScript
6
star
16

rebootnow

Reboot to a specific device easily (HDD2, USB, CDROM, BIOS Setup, etc.)
Python
4
star
17

NeverForget

Easiest sticky notes app possible. Always there on Windows' deskop.
C++
3
star
18

wavfile.py

Python
2
star
19

aayi

The tiniest website analytics tool
PHP
1
star
20

ShareLinkAndPixelIt

Share external links on Facebook, but have them caught by your Facebook Pixel (useful to build retargeting audience)
PHP
1
star
21

0Doc-chip

Example of use of 0Doc for C.H.I.P.'s documentation
CSS
1
star
22

copycopypastepaste

CTRL+C some text, CTRL+C another text, then CTRL+V and CTRL+< to paste two buffers!
Visual Basic
1
star
23

textarea

https://josephernest.github.io/textarea/htmleditor.html
HTML
1
star
24

bigpicture-editor

Standalone editor based on bigpicture.js
JavaScript
1
star