Securely backup files to an online drive with EncFS (OBSOLETE)
Last update
2019-02-04
2019-02-04
«encrypted online backup»
ATTENTION: EncFS is not secure for online storage, see my gocryptfs post or consider an alternative.
We can easily accomplish this by using rclone on top of encfs, just remember to:
- do not loose the
.encfs6.xml
volume's settings file - consider using AES because it is often hardware accelerated (eg: ks:256, bs:4096)
- check your online drive limitations such as case insensitive file names (eg: Block32)
- choose a random IV for each file to increase security if you can afford some space wasting (eg:
Enable per-file initialization vectors?
> yes) - disable online storage automatic file versioning to increase security
Note: in the future we could use rclone crypt
but at the moment it is not the best option available.
Backup
1 2 3 4 5 6 7 8 | # 1. setup the encrypted virtual fs encfs -f --reverse plain enc # 2. umount and move away volume settings fusermount -u enc mv plain/.encfs6.xml plain-encfs6.xml # 3. remount and start the backup ENCFS6_CONFIG=plain-encfs6.xml encfs -f --reverse plain enc rclone sync enc remote:/path/to/dest |
Restore
Stable solution:
1 2 3 4 5 6 7 8 | # 1. temporary dump of the online drive rclone sync remote:/path/to/backup enc # 2. mount the unencrypted virtual fs ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the vfs fusermount -u plain |
Experimental solution via rclone mount
:
1 2 3 4 5 6 7 8 9 | # 1. temporary dump of the online drive rclone mount remote:/path/to/backup enc # 2. mount the unencrypted virtual fs ENCFS6_CONFIG=plain-encfs6.xml encfs -f enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the virtual fs in backward order fusermount -u plain fusermount -u enc |