As a reminder to myself mostly, here's a run-down of a backup "script" I made to backup a small amount of data (< 1GB) to "the cloud".
I have a local folder where I store private documents and some other things. I already back this up locally, but for these things I wanted to put an additional copy "in the cloud", with something like dropbox.
Not that these files are super secret or that I'm an important target, but still this isn't stuff I just want out in the open online, so before I upload them to whatever cloud storage I want, the script encrypts them locally.
Update december 2015: SpiderOak's client is now called SpiderOakONE. Also the executable and location was renamed. But it seems to still work the same. More importantly spideroak no longer offers 2 GB for free. They now only offer a 60 day trial or 30 GB for $7 / month.
General Idea
To create a batch script that will:
- Mount a truecrypt volume
- Copy files to the mounted truecrypt volume
- Unmount the volume
- Trigger cloud storage sync of the truecrypt container file
Completed script
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /volume "C:\Users\user\Documents\SpiderOak Hive\docs.tc" /lz /quit /m ts /p "THE_KEY_FOR_THE_CONTAINER" /b
echo "Wait for beep ..."
pause
robocopy "C:\Users\user\Documents" "Z:" /E /Z
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q /dz
"C:\Program Files\SpiderOakONE\SpiderOakONE.exe" --batchmode -v
Prerequisites
- Truecrypt
- Spideroak
- Windows 7 (robocopy)
Setup TrueCrypt
Technically, TrueCrypt stopped existing somehow when the developers decided to stop everything. But you can still use it for general encryption purposes.
You currently can get an installer here: TrueCrypt from GRC.COM (yes, grc.com, let's face it, it's probably clean).
Setup SpiderOak
I'm using SpiderOak as the no-cost cloud storage for my backup. Not because of the security features it offers but because you can trigger the sync from the command line (I could not find a way to do this with dropbox).
Just go to spideroak.com and setup Spideroak. Turn off "start on windows logon", unless you want SpiderOak running all the time. I don't because I don't really use it for that purpose.
Create TrueCrypt Container
Create a new empty TrueCrypt container in your SpiderOak "hive" (the folder from which files are synced to SpiderOak).
I created a 1 GB container, which is enough to store the things I want to backup. SpiderOak gives you 2 GB at no-cost.
Part 1: Mount the container from command line
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /volume "C:\Users\user\Documents\SpiderOak Hive\docs.tc" /lz /quit /m ts /p "THE_KEY_FOR_THE_CONTAINER" /b
echo "Wait for beep ..."
pause
Break-down of the truecrypt command:
- /volume: just points to the truecrypt volume we'll be mounting
- /lz: mount the volume on the "Z:" drive letter
- /quit: perform requested actions and exit
- /m ts: mount option to indicate we should NOT preserve timestamp. If we preserve the timestamp SpiderOak will not see the file as changed and it won't sync correctly
- /p: the password for the truecrypt volume. I choose to put it in the script. This makes sense: if you can read this script, you likely can also read the files I'm backing up, since they're stored unencrypted on the same system.
- If you don't want this, just leave the /p parameter out and TrueCrypt will ask you for a password or keyfile.
- /b: Beeps when the volume has been succesfully mounted
The last option is also why I ask to "wait for the beep" after the truecrypt command. If we continue too fast we might start doing things before the volume is mounted.
Part 2: Copy stuff
This is easy with robocopy:
robocopy "C:\Users\user\Documents" "Z:" /E /Z
This will just copy everything to the Z: drive from the given folder. Adding /MIR would create an exact copy. In the above case, files deleted in the source will remain on the destination.
Part 3: Unmount TrueCrypt volume
"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q /dz
This tells Truecrypt to unmount the Z drive.
Part 4: Trigger SpiderOak sync
"C:\Program Files\SpiderOakONE\SpiderOakONE.exe" --batchmode -v
Use --batchmode to ensure SpiderOak quits after the sync is complete, -v is "verbose", which makes you get some feedback during the process.
Note that for a 1 GB file this will take a while the first time, but subsequent times will be faster because SpiderOak does a differential upload.