MicroSD Backups with Encryption that Save Space
This post will cover steps on how to create and secure MicroSD backups, with the focus being on disaster recovery for RPi systems. This method of backup is hardly the best method available, but it does offer space savings and more security. In this demonstration, a second Linux system will be used as the backup target with the MicroSD media attached as the backup source.
First step is to establish how large the MicroSD media is and if the target has the space to accommodate. This can be confirmed with the following command, with results that may look similar for others doing this.
sudo fdisk -l Device Boot Start End Sectors Size Id Type /dev/sdb1 2048 131071 129024 63M c W95 FAT32 (LBA) /dev/sdb2 131072 62333951 62202880 29.7G 83 Linux
Second step is to run the backup with the following command. Do note that the “sdb” reflects the media designation for the MicroSD card based on the earlier fdisk command. Those following these steps may have a different designation, which should be used in the next command’s “if=dev/sdb” argument.
sudo dd if=/dev/sdb of=/home/local/Backups/RPi.img status=progress status=progress
The duration and speed of the backup will depend on how the MicroSD media is attached. It’s best to use and card slot, USB adapter, or port that support the fastest throughput.
Third step follows the completion of the backup and is used to change the ownership of the resulting image file since the previous command used “sudo”
sudo chown local /home/local/Backups/RPi.img
Forth step is to encrypt and compress the backup. The following command will prompt for a passphrase that will be used to decrypt the image at a later time.
gpg --no-symkey-cache --output /home/local/Backups/RPi.gpg --symmetric /home/local/Backups/RPi.img
Fifth step is to delete the initial backup since it is using more space and is not encrypted.
rm /home/local/Backups/RPi.img
This will result in a backup of the MicroSD media that both saves space and is secure. When a restore is needed at a later time. this command can be used to decrypt the backup. This will prompt for the passphrase used to encrypt the backup originally. Be aware that the resulting decrypted backup will be uncompressed, so the restore path must have enough free space available.
gpg --no-symkey-cache --passphrase -o /home/local/Backups/RPi.img -d /home/local/Backups/RPi.img.gpg
Finally, the backup can be restored to the MicroSD media with this command. Be mindful that MicroSD writes take more time than reads, so the restore will take longer than the initial backup.
sudo dd if=/home/local/Backups/RPi.img of=/dev/sdb status=progress
Now the MicroSD media is ready for use.