I fell in love with obnam, a very useful and fast backup program. However, when I encrypt my backup, obnam gets painfully slow, because it simply calls gpg for each chunk in the repository. Since I upload my backup repository to an untrusted server, encryption is necessary for me. Here is where encfs comes to the rescue. Encfs has a very useful –reverse option which enables me to have a container where I can see my files as if they were encrypted. I don’t need to encrypt my files locally since the whole hard disk is encrypted.
Here is my backup scenario:
First I back up my picture files to /Backup which is mounted on another harddisk:
obnam backup --repository="/Backup/obnam_Pictures/" --exclude-from="/Backup/obnam_Pictures_exclude" "/Common/Pictures/"
I can mount the repository to a directory to see all generations and files:
obnam mount --to="/Backup/obnam_mount/" --repository="/Backup/obnam_Pictures/"
Encrypting the repository:
echo mylongpassword | encfs --stdinpass --public --reverse "/Backup/obnam_Pictures" "/Backup/.obnam_Pictures_encfs"
Now the directory .obnam_Pictures_encfs shows the files in an encrypted form. Lastly I mirror this directory up to my server using lftp:
mirror --continue --reverse
--delete --verbose=3 /Backup/.obnam_Pictures_encfs /MyBackup/Pictures_encfs
Make sure the directory is mounted, otherwise the –delete option happily deletes everything on the server.
Note that encfs encrypts the files one by one, so only new chunks will be uploaded next time. This way I can make sure that not only obnam backs up incrementally but also the upload is incremental.