Is there an rsync alternative, that stores compressed and encrypted?

I'm looking for a suitable off-site backup / file synchronization solution. Both local client and remote server run linux. Storage space on the server is limited, bandwidth between client and server is very limited.

I had a look at duplicity, Back In Time, Déjà Dup, luckyBackup, rsnapshot, rdiff-backup, rsynccrypto. None of those seem to do what I want, at least if I understand them correctly. They either store multiple versions, or do a full retransmit each time, or lack encryption, or lack compression. I tried a rsync/fusecompress/encfs combination, but fusecompress keeps destroying my files. I searched superuser and askubuntu, found only one similar question here (How to do rsync-like encrypted backup?), but there is no talk about compression and no fitting solution either.

Requirements:

simple mirroring, only one copy of the files (limited storage space)
update only the files that changed since last sync (limited bandwidth)
store files compressed and encrypted
encryption should happen on the client before transmitting

Basically, what I want is something that behaves like rsync, but stores the mirrored files compressed and encrypted. Does something like that exist?

Alfred Rupp

Posted 2012-08-16T18:55:37.327

Reputation: 171

1This is not meant to be mean but may sound like it; it appears like you are placing an order. We are here to help you, not do it for you. What have YOU searched/found/tried so far? – CharlieRB – 2012-08-16T19:22:38.530

1@CharlieRB I had a look at duplicity, Back In Time, Déjà Dup, luckyBackup, rsnapshot, rdiff-backup, rsynccrypto. None of those seem to do what I want, at least if I understand them correctly. They either store multiple versions, or do a full retransmit each time, or lack encryption, or lack compression. I tried a rsync/fusecompress/encfs combination, but fusecompress keeps destroying my files. I searched superuser and askubuntu, found only one similar question here (How to do rsync-like encrypted backup?), but there is no talk about compression and no fitting solution either. – Alfred Rupp – 2012-08-16T19:36:35.383

Great. That is the detail needed in your question. I added it for you so everyone who reads your question knows what you've tried and won't offer the same solutions. – CharlieRB – 2012-08-16T19:43:14.840

You want to compress (server-side) client-side encrypted files? How do you think this'll work? – Daniel Beck – 2012-08-16T19:43:17.680

@Daniel Beck: I want to compress client-side, then encrypt client-side, then transmit. – Alfred Rupp – 2012-08-16T19:53:25.417

If you're willing to let someone else host it, tarsnap might work for you. – Daniel Beck – 2012-08-16T21:25:32.373

Answers

If server is running ssh:

mount remote site locally with

sshfs -o nonempty,sshfs_sync,compression=yes username@host:/path/archives/ /mounted/encrypted/

Create the encrypted system and mount it (The first time you try to mount the directory, encfs will create the encrypted filesystem. It works like the regular mount):
```
encfs /mounted/encrypted /mounted/unencrypted 
```
use rsync to /mounted/unencrypted
unmount encryption
```
fusermount -u /mounted/unencrypted
```
eventually unmount remote resource
```
umount /mounted/encrypted
```

jet

Posted 2012-08-16T18:55:37.327

Reputation: 2 675

This is, what I've been doing so far, but it lacks compression. I can add a gzip -r, but then sshfs is not an option anymore, and I have to rsync twice. (rsync to a temporary dir, gzip -r that dir, rsync to the server) – Alfred Rupp – 2012-08-20T22:25:28.293

so then between 1) and 2) mount FuseCompress file system: https://code.google.com/p/fusecompress/

– jet – 2013-01-30T16:31:18.133

@jet between 1) and 2) is encrypted data; it's highly random and not likely to compress. – ʀᴏʙ – 2014-04-19T22:49:22.243

@Alfred Rupp,

Have you checked "Areca Backup"?

I think it fills the bill on everything you are asking/needing.

http://areca-backup.org/

Karl Wagner

Posted 2012-08-16T18:55:37.327

Reputation: 11

I think what you are asking for is a logical impossibility unless you store an earlier snapshot of the material on the client, so that the diffs can be constructed there without reference to the server.

The problem is that if the material is stored encrypted on the server, but the encryption key is only held on the client, then you have to transfer the content from the server to the client to produce the diff, unless the client kept a copy available for this purpose. The scheme in @jet's answer will suffer from this problem, and bandwidth will not be helped by the rsync algorithm in that case.

You don't say that file space is constrained on the client, so perhaps you can just run duplicity to a local file area and rsync the resulting files?

You might also want to read up about the cryptographic issues with encfs.

mc0e

Posted 2012-08-16T18:55:37.327

Reputation: 349