crypting remote data

Jason Haar Jason.Haar at
Sun Mar 9 04:37:05 GMT 2008

david reinares wrote:
> rsyncrypto looks fine, but still not which we're looking for.
> Having a complete file updated if a little change happens doesn't 
> bother me. We're performing daily rsync, so not many files can be 
> changed in a day.

Then what about encfs? Put your data onto a encfs mountpoint, and then 
rsync the encrypted version instead.

That's what we do for sensitive backups. It allows you to "outsource" an 
operational role like backups to one group - without giving them 
administrative access to the data (which happens with standard backups).

We NFS mount a share that is backed up, "encfs" over that mountpoint, 
and then backup onto the encfs. The end NFS share ends up with fully 
encrypted filenames and data. It's no good to anyone without the key...


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the rsync mailing list