How to configure your remote encrypted backup.

EncFS and Rsync

EncFS and Rsync - the "almost" perfect match.

EncFS and Rsync together make a great combination for keeping your files safe and synced. EncFS is a FUSE-based cryptographic filesystem that encrypts files using an arbitrary directory as storage. Rsync, on the other hand, synchronizes the encrypted folder with the remote cloud so that only the already encrypted files are stored.

How EncFS Works

EncFS is the simplest software you can use for file encryption on Linux. It creates two directories: one holding the encrypted files, which is the one synchronized remotely, and a second (virtual) one, mounted with a password, that shows the files in clear text.

EncFS is a FUSE-based cryptographic filesystem that transparently encrypts files, using an arbitrary directory as storage.

EncFS has been considered the simplest software to start with if you want to try disk encryption on Linux.

Rsync, in turn, keeps the encrypted folder synchronized, so that only the already encrypted files are stored on the remote cloud (Dropbox, Google Drive, OneDrive, etc., or your own).

How does it work

Let’s start.

NOTE: gocryptfs (an aspiring successor) is probably a better option in terms of performance, though I have not personally tested it yet.

Installation

You can install EncFS in three different ways: from source, using apt or using pacman. You can find the details of each method on the EncFS GitHub page.

Initialize your Local Encrypted Folder

To initialize your local encrypted folder, use the following command:

$ encfs ~/encrypted ~/cleartext

You will be asked to choose between default and paranoia mode. Choose the latter if you want to set the security parameters (AES 256). The command will create an .encfs6.xml file in the directory. This file must be kept secret, and it must be copied over to any other device on which you also want clear text access to the synchronized files.

As always, choose a very long and complex password!

Use the Clear Text Folder

Now you can use the ~/cleartext folder and files will appear encrypted in the ~/encrypted folder.

Rsync TO the Cloud

Now you can sync the ~/encrypted folder to your cloud of choice with rsync:

$ rsync -arvz --whole-file --progress -O ~/encrypted/ user@domain:/home/mycloud/

And it’s done! Now only the encrypted files will be on your remote storage.

Let’s see how to have multiple setups.

EncFS On Another Machine

Copy the .encfs6.xml

Copy the .encfs6.xml file from the previous ~/cleartext to this machine's ~/encrypted folder (recreate your two folders on this machine).

Initialize your local encrypted folder

$ encfs ~/encrypted ~/cleartext

Now we are going to synchronize the local ~/encrypted folder with the files from the cloud.

Rsync FROM the cloud

$ rsync -arvz --whole-file --progress -O user@domain:/home/mycloud/ ~/encrypted/

Add a file and sync

  1. Now try to create a new file in ~/cleartext/.
  2. Push to the cloud:
    $ rsync -arvz --whole-file --progress -O ~/encrypted/ user@domain:/home/mycloud/

  3. Back on the first machine, pull from the cloud:
    $ rsync -arvz --whole-file --progress -O user@domain:/home/mycloud/ ~/encrypted/


Shortcuts

Create an alias to help you, for example:

alias syncNotesDown='rsync -arvzz --whole-file --progress myvps:/home/my/mycloud/ --exclude .encfs6.xml ~/.MyNoteEncrypted '
alias syncNotesUp='rsync -arvzz --whole-file --progress ~/.MyNoteEncrypted/ myvps:/home/my/mycloud/ --exclude .encfs6.xml'
alias mountNotes='encfs ~/.MyNoteEncrypted ~/MyNotes/'

At startup, when you want to mount your decrypted notes folder, just run mountNotes.

All your files are synchronized between the two machines, and only the encrypted files are left on the server.
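
As an added example (not from the original post), here is a small wrapper for the push step. It refuses to run unless the source folder contains .encfs6.xml, refuses if that file is accessible to group or others, and always passes the --exclude .encfs6.xml used in the aliases above, so the file that must be kept secret never reaches the remote. The function names, the RSYNC override variable and the local permission check are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): guarded "push to cloud".
# Assumption: RSYNC may be overridden, e.g. RSYNC=echo to preview the command.

ENCFS_CONFIG=".encfs6.xml"

# True only if DIR is an EncFS encrypted root (it holds the config file).
is_encfs_root() {
    [ -d "$1" ] && [ -f "$1/$ENCFS_CONFIG" ]
}

# True only if group and others have no permissions on the config file.
# Characters 5-10 of the ls mode string are the group and other bits.
config_is_private() {
    [ "$(ls -ld "$1/$ENCFS_CONFIG" | cut -c5-10)" = "------" ]
}

# push_encrypted SRC DEST: rsync SRC/ to DEST, never sending the config.
# Returns 2 if SRC is not an EncFS root, 3 if the config is too permissive.
push_encrypted() {
    src=${1%/}      # normalise: drop one trailing slash, re-added below
    dest=$2
    if ! is_encfs_root "$src"; then
        echo "refusing: no $ENCFS_CONFIG in $src (wrong folder?)" >&2
        return 2
    fi
    if ! config_is_private "$src"; then
        echo "refusing: chmod 600 $src/$ENCFS_CONFIG first" >&2
        return 3
    fi
    # Same rsync flags as the post, plus the exclude from its aliases.
    "${RSYNC:-rsync}" -arvz --whole-file --progress -O \
        --exclude "$ENCFS_CONFIG" "$src/" "$dest"
}

# Usage: push_encrypted ~/encrypted user@domain:/home/mycloud/
```
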


Please feel free to make any comment! If anything is unclear, just write in the comment and I will update the post!

Thanks for reading!

Carlo Alberto