-
Notifications
You must be signed in to change notification settings - Fork 341
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Combination of backup with local encryption #647
Comments
I think all you would need to do is configure duplicacy to backup the mounted (un-encrypted) data. I don't think any cache files would contain clear data and the backup could be arranged to fail if the data isn't mounted. You might want to bring this up on https://forum.duplicacy.com for more details. |
|
I don't know what you mean by "safe". Usually if you can't trust your local storage you have bigger problems to resolve. I can say that you don't need to store any encryption keys on disk and would need to enter them manually in order to access or add to your backups, unless you store them some other way.
There has been work to make backups mountable via fuse, though I don't think it's been merged. Regardless, the local mount wouldn't be writeable so your options for "working with the data" would be limited to read-only. If you then remove the original unencrypted data, your backup is now your only copy and isn't exactly a "backup" anymore. It sounds like you're looking to use duplicacy as a live, encrypted file system, which it certainly wasn't designed for. I do think it would be possible, and secure, to create an encrypted file system with some other tool, mount that FS, move your data in there, and create duplicacy backups of that mounted FS. I suggest starting a thread on https://forum.duplicacy.com/ to discuss this further. |
Would it be possible to combine backup with local file encryption? File encryption progs like gocryptfs produce locally encrypted files that can be mounted in a local folder to work with it unencrypted. Backup of these encrypted files is difficult, deduplication, splitting... doesn't work. Backup of the mounted (decrypted) files needs double de-/encryption and might be unsafe, because the backup prog stores data locally.
So a combination would be great: files are locally encrypted by the backup prog and -only when mounted- the backup can be performed and the user can work with the data. While not mounted, nothing changed and backup is not necessary.
The text was updated successfully, but these errors were encountered: