Securely backup files to an online drive with gocryptfs
Last update
2023-11-13
2023-11-13
«encrypted online backup»
We can easily accomplish this by using rclone on top of gocryptfs (hp), just remember to:
- do not lose the
.gocryptfs.reverse.conf
volume's settings file - disable online storage automatic file versioning to increase security
Note: in the future we could use rclone crypt
but at the moment it is not the best option available.
Install
1 2 3 4 5 6 | sudo bash mkdir -p /opt/gocode/src cd /opt/gocode/src git clone https://github.com/rfjakob/gocryptfs.git cd gocryptfs && ./build.bash # buildfor CPU w/o AES-NI strip /opt/gocode/bin/gocryptfs |
Backup
1 2 3 4 5 6 7 8 | # 1. setup the encrypted virtual fs gocryptfs -init -reverse plain enc # 2. move away volume settings fusermount -u enc mv plain/.gocryptfs.reverse.conf plain-gcfs.conf # 3. remount and start the backup gocryptfs -reverse -conf plain-gcfs.conf plain enc rclone sync enc remote:/path/to/dest |
Restore
Direct mount via
rclone mount
:1 2 3 4 5 6 7 8 9
# 1. mount the online drive on a local folder rclone mount remote:/path/to/backup enc # 2. mount the unencrypted virtual fs gocryptfs -conf plain-gcfs.conf -serialize_reads enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the virtual fs in backward order fusermount -u plain fusermount -u enc
Dump and decrypt (requires twice the space):
1 2 3 4 5 6 7 8
# 1. temporary dump of the online drive rclone sync remote:/path/to/backup enc # 2. mount the unencrypted virtual fs gocryptfs -reverse -conf plain-gcfs.conf enc plain # 3. restore the backup rsync -avi plain/ /path/to/restore/ # 4. umount the vfs fusermount -u plain