Remote backup with a file by file encryption?
Unfortunately, there was not much response to my question. Still, my time spent searching and puzzling might be helpful to others who want to do the same, so I am answering my own question.
Like I said, duplicity works fine, does its encryption on the fly but creates encrypted backup sets with fixed file sizes. To me the disadvantage is that I don't know how it will handle file-corruption so I prefer single files.
The solution I came up with works with rsync and encfs. Encfs creates a virtual partition to which I can rsync my local data for backup. Encfs encrypts on a file by file basis, so the encrypted data is just an encrypted direct copy of your original data. This encrypted backup is then rsynced to the iMac. By default Encfs encrypts the filenames to prevent data leaks which might weaken the encryption; however, you can disable this encryption if you want to. For decrypting you will need a small static options file (make an extra copy on a USB stick), your password and the encrypted file itself.
The differences between the two methods:
- Duplicity works on the fly, Encfs does its encryption beforehand.
- Duplicity makes backup sets, Encfs makes a file by file encrypted copy. (So no incremental backup, though you can still do this with rsync options)
- The solution which I use also makes a local backup; this increases execution time and disk space needs. But you can also skip the local backup and use the virtual partition as your data partition, so you only have the encrypted data on the HDD.
- With Encfs you need just the file itself to restore, with Duplicity you need the whole set.
I also checked:
- Rsyncrypto, file by file encryption but file names always encrypted and a separate keyfile per file.
- Cryptsetup / dm-crypt, better suited for disk/partition encryption.
- Truecrypt, preallocated partition space, not file by file.
- eCryptfs, almost the same as encfs but does not work very well with sparse files and looks less flexible.
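
The two-stage flow this answer describes (rsync into the encfs mount, then rsync the ciphertext to the remote machine), written out as shell functions. This is an added example, not the poster's script; the paths, the remote host and the `DRY_RUN` switch are hypothetical, the options file is assumed to be encfs's `.encfs6.xml` in the ciphertext directory, and the mount check assumes a Linux `/proc/mounts`.

```shell
#!/bin/sh
# Added example, not the poster's script. Paths and host are hypothetical.
SRC="${SRC:-$HOME/data/}"             # plaintext data to back up
CIPHER="${CIPHER:-$HOME/backup.enc}"  # encfs backing dir: ciphertext plus .encfs6.xml
PLAIN="${PLAIN:-$HOME/backup.plain}"  # mount point showing the decrypted view
REMOTE="${REMOTE:-backup@imac.example:/Volumes/Backup/enc/}"
DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Succeed only if $1 is a live mount point (Linux /proc/mounts; fails closed elsewhere).
is_mounted() {
    awk -v d="$1" '$2 == d { found = 1 } END { exit !found }' /proc/mounts 2>/dev/null
}

backup() {
    # 1. Mount: encfs prompts for the password (both paths must be absolute).
    run encfs "$CIPHER" "$PLAIN" || return 1
    # 2. Guard: without a live mount, rsync would write plaintext into $PLAIN.
    if [ "$DRY_RUN" != 1 ] && ! is_mounted "$PLAIN"; then
        echo "refusing to sync: $PLAIN is not mounted" >&2
        return 1
    fi
    # 3. Local stage: files written to $PLAIN land encrypted, one by one, in $CIPHER.
    run rsync -a "$SRC" "$PLAIN/"; rc=$?
    # 4. Always unmount, so the decrypted view is not left exposed.
    run fusermount -u "$PLAIN"
    [ "$rc" -eq 0 ] || return "$rc"
    # 5. Remote stage: only ciphertext and the options file leave this machine.
    run rsync -a "$CIPHER/" "$REMOTE"
}
```

Source the file and call `backup`; with `DRY_RUN=1` it only prints the four commands in order.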