encrypted backups for Linux and FreeBSD readable for both

Let's establish a couple of assumptions. Do comment if those are not correct.

  1. you run machines with different operating systems, and potentially different platforms.
  2. you describe it for the case with 2 machines, and Linux and FreeBSD
  3. your machines use encrypted filesystems
  4. you want to create backups of your data, and want those backups to be encrypted too
  5. you want to be able to access data in those encrypted backups from any of the platforms contributing to the archive

(comment added to make a distinction between forms of encryption)

You mention you would like to be able to access the others systems data, from the surviving machine. One way could be to store unecrypted backups, on the local machine, on it's encrypted filesystem. Another could be to store encrypted backups, on the local machine, on an not encrypted filesystem. I suggest to store encrypted backups, on not encrypted filesystems.

However, as an aside - there is always a concern over encrypted backups: - you really need to be careful with the key - partial corruption usually kills the whole backup

my suggestion: use

  • Brackup, or
  • Duplicity

to create backups to one or multiple containers both machines can access.

To keep it all inside your LAN, you could:

  1. create a "backup" filesystem on both hosts, to store the encrypted backup "packages". It does not need to an be encrypted filesystem, as the backup "packages" (brackup calls them "chunks") stored on it will be encrypted
  2. export these filesystems, e.g. with NFS, and mount it on the other hosts, respectively
  3. when you create backups, dump them to the local filesystem, and mirror them to the NFS-mounted directory on the other host. This has the nice side effect of having two instances of your backup files.

you now will have the following filesystems on your servers:

on tux, your Linux machine:

/dev/foo            /           # encrypted filesystem
/dev/bar            /tuxdump    # unencrypted filesystem, local backup
beastie:/daemondump /daemondump # NFS backup destination

on beastie, you FreeBSD machine:

/dev/flurb          /           # encrypted filesystem
/dev/baz            /daemondump # unencrypted filesystem, local backup
tux:/tuxdump        /tuxdump    # NFS backup destination

depending on the amount of data you need to backup, you could also think about an offsite container, any cloud provider would do. I'm currently playing around with configuring my S3 containers so that old stuff gets aged out to Glacier, that looks very promising, pricewise.


Duplicity - great tool for this task, uses GPG for encryption. I am using it for some time and I really recommend.

As alternatives you can try:

  • obnam - is a new project, but has some nice features (it is a little slow if using through ssh/scp)
  • burp - encryption with password

TrueCrypt should work both under Linux and FreeBSD. Although I regularly use TrueCrypt only under Windows and haven't tried FreeBSD Truecrypt myself. YMMV.


You can backup the files of your machines using ordinary rsync on the other machines hard drive. As you're using local encryption anyways, it's encrypted with the local systems encryption and transmission is secured by TLS. Updates are fast and you stick with well proven encryption and backup mechanisms.

If you just have to backup files on some untrusted system, plain GPG worked well for me. I automated some encryption and FTP transfer with python, which runs nicely for two years already.