Securely backup files to an online drive
Last update
2018-11-30
2018
11-30
«encrypted online backup»

We can easily accomplish this by using rclone on top of encfs, just remember to:

  • do not loose the .encfs6.xml volume's settings file
  • consider using AES because it is often hardware accelerated (eg: ks:256, bs:4096)
  • check your online drive limitations such as case insensitive file names (eg: Block32)
  • choose a random IV for each file to increase security if you can afford some space wasting (eg: Enable per-file initialization vectors? > yes)
  • disable online storage automatic file versioning to increase security

Note: in the future we could use rclone crypt but at the moment it is not the best option available.

Backup

1
2
3
4
5
6
7
8
# 1. setup the encrypted virtual fs
encfs -f --reverse plain enc
# 2. umount and move away volume settings
fusermount -u enc
mv plain/.encfs6.xml plain-encfs6.xml
# 3. remount and start the backup
ENCFS6_CONFIG=plain-encfs6.xml encfs -f --reverse plain enc
rclone sync enc remote:/path/to/dest

Restore

Stable solution:

1
2
3
4
5
6
7
8
# 1. temporary dump of the online drive
rclone sync remote:/path/to/backup enc
# 2. mount the unencrypted virtual fs
ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain
# 3. restore the backup
rsync -avi plain/ /path/to/restore/
# 4. umount the vfs
fusermount -u plain

Experimental solution via rclone mount:

1
2
3
4
5
6
7
8
9
# 1. temporary dump of the online drive
rclone mount remote:/path/to/backup enc
# 2. mount the unencrypted virtual fs
ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain
# 3. restore the backup
rsync -avi plain/ /path/to/restore/
# 4. umount the virtual fs in backward order
fusermount -u plain
fusermount -u enc