rsync and encryption

Jason Haar Jason.Haar at
Mon Aug 29 14:55:43 MDT 2011

I think Dirk was asking about securing the *DATA* on the remote server -
not the *TRANSPORT*

I'd recommend encfs. It has a "--reverse" option which allows you to
mount a data tree and the new mount shows up with encrypted filenames
and content. rsync that to the remote server, and even the local
sysAdmins won't have access to the data


encfs --reverse /home/ /tmp/crypt-view
rsync -azv /tmp/crypt-view remote-server:.......

After a data loss, you could rsync that encrypted content back, then
encfs-mount it and access the unencrypted data

We use it as a mechanism of role separation: it allows our security
group to use the server group infrastructure for backups/storage,
without giving them access to the data...



Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the rsync mailing list