Ok, mystery solved. After the file is encrypted for the first time, my script deletes the key file. When the file is encrypted a second time, rsyncrypto creates a new key file, and also generates a completely new encrypted output file (that is why rsync is fully transferring the file again).
If the key file is not deleted, rsyncrypto delivers the same output file, so rsync can use the rsync algorithm.
This leaves me here with one question. Is it possible to have the same encrypted file without keeping the key file on my PC?
Thanks for the replies.
Rsyncrypto, while doing lots of stuff differently, is still modeled
after the classic encryption method. This means that there is one
asymmetric key to unlock all the files, but each file is encrypted with
its own symmetric (or "session") key. This is done for security
considerations, and cannot be turned off without some serious
rethinking of the security of the process.
If you delete the session key, the only place it is kept is,
encrypted, inside the encrypted file. In fact, it is this re-encryption
of the session key that is the header that changes between encryptions.
If you just run rsyncrypto again, a new session key will be generated,
and, obviously, the file will look completely different.
All is not lost. If you have the RSA private key and the old
encrypted file, you can use rsyncrypto to recover the previous session
key. Simply perform a decryption, and the session key will be
generated. Then use that same session key to encrypt again.
Of course, with the session key being 68 bytes and your encrypted
file being 1GB, the simplest thing to do is just keep the session key
around and not erase it.
--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
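
A toy model of the behaviour discussed in this thread, added here as an illustration; it is not rsyncrypto code and not part of the original messages. It counts how many chunks of the encrypted file change after a small edit when the session key is kept, regenerated, or recovered from the old encrypted file. The HMAC keystream, the symmetric "wrap" standing in for the RSA key, and the 1024-byte chunk size are assumptions; only the 68-byte session key size comes from the reply above.

```python
import hashlib, hmac, os

KEY_LEN = 68   # session key size quoted in the reply above
CHUNK = 1024   # comparison granularity; an assumption standing in for rsync blocks

def keystream(key, label, n):
    # Toy deterministic keystream (HMAC-SHA256 in counter mode); NOT rsyncrypto's
    # cipher and not safe for real data. It only models "same key, same output".
    out = bytearray()
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, label + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:n])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plain, master, session=None):
    # No session key supplied (key file deleted): a fresh random one is generated.
    session = session or os.urandom(KEY_LEN)
    header = xor(session, keystream(master, b"wrap", KEY_LEN))  # stand-in for the RSA wrap
    return header + xor(plain, keystream(session, b"body", len(plain))), session

def recover_session(cipher, master):
    # "Perform a decryption": the master secret unwraps the key stored in the header.
    return xor(cipher[:KEY_LEN], keystream(master, b"wrap", KEY_LEN))

def changed_chunks(a, b):
    n = max(len(a), len(b))
    return sum(a[i:i + CHUNK] != b[i:i + CHUNK] for i in range(0, n, CHUNK))

def demo():
    master = os.urandom(32)              # constructed stand-in for the RSA key pair
    old_plain = os.urandom(64 * CHUNK)   # constructed sample file
    flipped = bytes(b ^ 0xFF for b in old_plain[5000:5004])
    new_plain = old_plain[:5000] + flipped + old_plain[5004:]  # small in-place edit
    old_enc, session = encrypt(old_plain, master)
    kept = encrypt(new_plain, master, session)[0]   # key file kept
    fresh = encrypt(new_plain, master)[0]           # key file deleted
    recovered = encrypt(new_plain, master, recover_session(old_enc, master))[0]
    return {"total": changed_chunks(old_enc, b""),
            "kept": changed_chunks(old_enc, kept),
            "fresh": changed_chunks(old_enc, fresh),
            "recovered_matches_kept": recovered == kept}

if __name__ == "__main__":
    print(demo())
```

With the key kept or recovered, only the chunk containing the edit differs; with a fresh key, every chunk differs, which is why rsync transfers the whole file again.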