Depending on directory size, a CD or DVD archive of files in a faculty member’s home directory may be performed bimonthly. These records can be written in the same format as they are stored in the directory (i.e., usually in the clear) or may be encrypted using public key encryption. This program is provided so that faculty may keep a permanent archival record of their online information.
Archives are written bimonthly during the first week of the following months: February, April, June, August,October, and November.
Participation and Delivery
This program is voluntary. Faculty members may participate or opt out, they may have records written once or may participate on a continuing basis. To change how you participate or if you have questions contact Charles McGrew.
If you opt out of this program no records will be written.
Archival records will be available within two weeks of being created. If a faculty chooses to participate the archival records will be available in one of three ways.
- Placed in your faculty mailbox.
- Delivered to faculty office. If you are not present the archival records will be left in your office.
- Held for pickup. Records not picked up within two weeks will be destroyed. Currently, pickup of archives is at Dr. Smith’s office – Core 209.
Archival records are written as tar files and may be encrypted using gnupg (‘gpg’) encryption. The tar file will be either entirely in-the-clear or entirely encrypted. Encryption is performed using a public key. The user’s private key, which is known only to the user, is required to recover any of the data from the tar file. User may request encrypted or unencrypted archives.
Unencrypted archives are recommended for two important reasons:
- Encrypted archives cannot be validated. Unencrypted archives are validated to ensure an accuracy.
- If the private key is lost or forgotten the data is not recoverable.
Setting up for encrypted archives
This only needs to be once.
1) Run gpg –gen-key
the program will ask you for various information, including a passphrase, to generate keys.
2) Place a copy of your public key in your home directory in a file named .gpg-encryptMYarchive using the following command
gpg –export YOURUSERNAME -o .gpg-encryptMYarchive
The write-to-cd software looks for this file in your home directory when producing archives. If it is present encryption can be performed, if it is not present encryption cannot be performed.
For an encrypted archive to be produced, the user must ask specifically to have their archive encrypted, AND have the .gpg-encryptMYarchive set up. Both are required. This enables users to set up their keyfile once, and independently decide whether or not to encrypted archive.
How to extract files from an encrypted archive
1) Decrypt the file using the following command to make the encrypted archive into an unencrypted compressed-tar file
gpg -d ENCRYPTEDFILENAME > UNENCRYPTEDFILENAME.tgz
2) Extract the desired files as you would from the unencrypted archive, UNENCRYPTEDFILENAME.
Since an unencrypted archive is a simple tar file, this can be done with the ‘tar’ command (available on unix’s – including linux, macs, and windows machines.)
http://www.cs.rutgers.edu/~watrous/pgp.html gives excellent how-to information on ‘pgp’, a program very similar to ‘gpg’.
Managing Your Keys
The best way to maintain your private key is to keep a copy of it on a physically secure media that is not part of your home directory. It is recommended that you store your files in ~/.gnupg on a USB ‘key’ device that you keep in a in a physically secure location.
As mentioned earlier, archives not picked up are shredded. This is accomplished with a device that physically scores the bottom (and top) of a CD or DVD so that it is unreadable in any reader.