sperea.es
Published on

Leveraging Telegram for Encrypted Backups. Unlimited and Secure Cloud Storage Made Easy

Authors

Hey everyone! I wanted to share how I manage all my digital stuff. I have tons of things stored on my own server and I'm always making backups to make sure I don't lose anything important. But to feel even safer and add an extra layer of security, I also decided to occasionally upload an encrypted copy to Telegram. Plus, since Telegram offers unlimited storage, I thought, why not? This way, my data is well-protected and backed up in multiple places.

I have shared the code I developed for a backup system that uses Telegram as a storage medium. This approach leverages Telegram's unlimited storage capacity while ensuring security through encryption. Below, I detail each step of the process for those who wish to replicate or adapt this implementation.

1. Initial Setup

Prerequisites

  • Python installed on the system (preferably Python 3.9 or higher).
  • Access to a Telegram account.
  • Installation of the following Python libraries:
    • telebot for interacting with the Telegram API.
    • cryptography for encrypting and decrypting data.
    • os and shutil for file manipulation.

Creating a Bot in Telegram

  1. Open Telegram and search for the bot @BotFather.
  2. Use the /newbot command and follow the instructions to create a new bot.
  3. Copy the Access Token provided by BotFather. This token will be required to configure the bot in the code.

2. Repository Configuration

Cloning the Repository

git clone https://github.com/sperea/backup_to_telegram.git
cd backup_to_telegram

Environment Setup

Inside the directory, I created a .env file to store sensitive configurations, such as the bot token and the chat ID of the user or group where the backups will be sent. The format of the .env file is as follows:

TELEGRAM_BOT_TOKEN=<your_telegram_token>
TELEGRAM_CHAT_ID=<destination_chat_id>
ENCRYPTION_KEY=<base64_encryption_key>

I generated the encryption key using the cryptography library:

from cryptography.fernet import Fernet
print(Fernet.generate_key().decode())

This key is used to encrypt and decrypt the data before sending it.

3. Automation with Cron

To make the backups automatic, I configured a cron job:

crontab -e

I added the following line to run the script daily at 2 a.m.:

0 2 * * * /usr/bin/python3 /full/path/to/backup.py

4. Configuration

Setting Everything Up with the .env File and Generating GPG Keys

Alright, let’s get into the nitty-gritty of setting everything up. We’ll cover how to configure your backup system using the .env file, generate a GPG key pair for encryption, and securely store your keys using a password manager like Bitwarden.

Configuring with the .env File

The .env file is where you’ll store all the necessary configurations for your backup setup. This file keeps sensitive information like tokens and keys out of your codebase, making everything more secure and easier to manage.

Here’s a basic example of what your .env file might look like:

# Telegram Configuration
TELEGRAM_BOT_TOKEN=your_telegram_bot_token
TELEGRAM_CHAT_ID=your_telegram_chat_id

# GPG Keys
GPG_PUBLIC_KEY=your_generated_public_key
GPG_PRIVATE_KEY=your_generated_private_key

Steps to Configure:

  1. Create a .env File:

    • In your project directory, create a file named .env.

  2. Add Your Telegram Bot Token and Chat ID:

    • TELEGRAM_BOT_TOKEN: Obtain this by creating a bot through BotFather on Telegram.
    • TELEGRAM_CHAT_ID: This is the ID of the chat where you want to receive your backups. You can get this by sending a message to your bot and checking the updates via the Telegram API or using a bot like IDBot.

  3. Insert Your GPG Keys:

    • You’ll generate these keys in the next section. Once you have them, paste the public key into GPG_PUBLIC_KEY and the private key into GPG_PRIVATE_KEY.

  4. Keep Your .env Secure:

    • Important: Make sure to add .env to your .gitignore file to prevent it from being pushed to any public repositories.

Generating GPG Public and Private Keys

GPG (GNU Privacy Guard) is a tool for secure communication and data storage. We’ll use it to encrypt your backups before sending them to Telegram.

Steps to Generate GPG Keys:

  1. Install GPG:

    • Windows: Download and install Gpg4win.
    • macOS: Use Homebrew: brew install gnupg.
    • Linux: Install via your package manager, e.g., sudo apt-get install gnupg.

  2. Generate a New GPG Key Pair:

    • Open your terminal and run:
      gpg --full-generate-key
    • Choose Key Type: Select the default option (RSA and RSA).
    • Key Size: 2048 bits is standard, but 4096 bits is more secure.
    • Expiration: Set an expiration date or choose not to expire.
    • User Information: Enter your name and email address.
    • Passphrase: Choose a strong passphrase to protect your private key.

  3. Export Your Public Key:

  4. Export Your Private Key:

  5. Add Keys to Your .env File:

    • Open the public.key and private.key files with a text editor.
    • Copy the entire content of each file and paste them into the GPG_PUBLIC_KEY and GPG_PRIVATE_KEY fields in your .env file, respectively.

    Example:

    GPG_PUBLIC_KEY="-----BEGIN PGP PUBLIC KEY BLOCK-----
...
-----END PGP PUBLIC KEY BLOCK-----"

GPG_PRIVATE_KEY="-----BEGIN PGP PRIVATE KEY BLOCK-----
...
-----END PGP PRIVATE KEY BLOCK-----"

Storing Your GPG Keys Securely

Your GPG keys are the heart of your encryption process, so it’s crucial to store them safely. Using a password manager like Bitwarden ensures that your keys are encrypted and accessible only to you.

Why Use Bitwarden?

  • Security: Bitwarden uses end-to-end encryption to protect your data.
  • Convenience: Access your keys from any device with your master password.
  • Organization: Keep your keys organized and easily retrievable without clutter.

Steps to Store Your Keys in Bitwarden:

  1. Sign Up or Log In to Bitwarden:

    • Visit Bitwarden and create an account or log in if you already have one.

  2. Add a New Secure Note:

    • In your Bitwarden vault, click on “Add Item” and select “Secure Note.”

  3. Create a Secure Note for Your GPG Keys:

    • Name: Give it a clear name, like “GPG Keys Backup.”
    • Notes: Paste your GPG_PUBLIC_KEY and GPG_PRIVATE_KEY content here.
    • Tags: Optionally, add tags like encryption or backup for easy searching.

  4. Save the Secure Note:

    • Click “Save” to store your keys securely in Bitwarden.

  5. Enable Two-Factor Authentication (2FA):

    • For added security, enable 2FA on your Bitwarden account to prevent unauthorized access.

Additional Tips:

  • Regular Backups: Periodically back up your Bitwarden vault to ensure you don’t lose access to your keys.
  • Never Share Your Private Key: Keep your private key strictly confidential. Never share it with anyone or store it in insecure locations.
  • Use Strong Passphrases: Both your GPG keys and Bitwarden account should be protected with strong, unique passphrases.

By following these steps, you’ll have a robust and secure backup system in place. Your data is safely encrypted with GPG and backed up both locally, in the cloud, and now on Telegram. Plus, with your keys securely stored in Bitwarden, you can rest easy knowing your backups are protected from unauthorized access.

If you have any questions or run into issues while setting this up, feel free to reach out. Happy backing up!

5. Testing and Verification

I conducted tests to ensure that:

  1. The data is correctly encrypted before being sent.
  2. The files arrive in the specified Telegram chat.
  3. The script handles errors, such as no internet connection or corrupted files.

6. Conclusions

Implementing this system not only allows me to perform secure and accessible backups from anywhere but also ensures that the data is protected through encryption. Telegram becomes an ally for storing backups in a simple way, eliminating the need for complex or costly solutions.

I hope this article helps you implement your own solution!

Link | Github Repo

Discuss on TwitterView on GitHub