Data Encryption

foner-rsync at foner-rsync at
Mon Jun 12 21:51:05 GMT 2006

    Date: Mon, 12 Jun 2006 14:18:00 -0400
    From: Matt McCutchen <hashproduct at>

    On Mon, 2006-06-12 at 10:58 -0700, Chuck Wolber wrote:
    > On Mon, 12 Jun 2006, Brad Farrell wrote:
    > > Is there a way with rsync to encrypt data at the source before 
    > > transmitting? Not talking about the actually transmission, but the data 
    > > itself.  I've got a few department heads that want their data secured 
    > > before it leaves their computer so that no one in the office can access 
    > > the data except for them.

    Then again, the data is saved decrypted on the destination disk.  Maybe
    the files should be individually encrypted with a symmetric algorithm on
    the source before transmission.  This could be done with either a script
    or the --source-filter option provided by an experimental rsync patch.

    Note that typical encryption algorithms prevent incremental transfer
    from identifying unchanged portions of a file; rsyncrypto does not but
    I'm not sure I trust its security.

The right solution is probably to run an encrypted filesystem on the
machine that holds the backups, and of course to use ssh getting the
files there.  That way, rsync's incremental algorithm is actually of
some use.  While you're at it, put an encrypted filesystem on the
machines the data is coming -from-, too, especially if they're
laptops.  Machines do get stolen.

More information about the rsync mailing list