Securely backup files to an online drive with gocryptfs
mouse 4208 · person cloud · link
Last update
2023-11-13
2023
11-13
«encrypted online backup»

We can easily accomplish this by using rclone on top of gocryptfs (hp), just remember to:

  • do not lose the .gocryptfs.reverse.conf volume's settings file
  • disable online storage automatic file versioning to increase security

Note: in the future we could use rclone crypt but at the moment it is not the best option available.

Install

1
2
3
4
5
6
sudo bash
mkdir -p /opt/gocode/src
cd /opt/gocode/src
git clone https://github.com/rfjakob/gocryptfs.git
cd gocryptfs && ./build.bash # buildfor CPU w/o AES-NI
strip /opt/gocode/bin/gocryptfs

Backup

1
2
3
4
5
6
7
8
# 1. setup the encrypted virtual fs
gocryptfs -init -reverse plain enc
# 2. move away volume settings
fusermount -u enc
mv plain/.gocryptfs.reverse.conf plain-gcfs.conf
# 3. remount and start the backup
gocryptfs -reverse -conf plain-gcfs.conf plain enc
rclone sync enc remote:/path/to/dest

Restore

  • Direct mount via rclone mount:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    # 1. mount the online drive on a local folder
    rclone mount remote:/path/to/backup enc
    # 2. mount the unencrypted virtual fs
    gocryptfs -conf plain-gcfs.conf -serialize_reads enc plain
    # 3. restore the backup
    rsync -avi plain/ /path/to/restore/
    # 4. umount the virtual fs in backward order
    fusermount -u plain
    fusermount -u enc
    
  • Dump and decrypt (requires twice the space):

    1
    2
    3
    4
    5
    6
    7
    8
    # 1. temporary dump of the online drive
    rclone sync remote:/path/to/backup enc
    # 2. mount the unencrypted virtual fs
    gocryptfs -reverse -conf plain-gcfs.conf enc plain
    # 3. restore the backup
    rsync -avi plain/ /path/to/restore/
    # 4. umount the vfs
    fusermount -u plain