I want to use encfs to encrypt parts of the data that I sync with SnapRAID. I'll then backup the encrypted files on a cloud storage service. I don't need the local data to be encrypted so I don't care if SnapRAID stores unencrypted data.
The (decrypted) encfs drive will always be mounted to be available over smb. As for SnapRAID, i'm thinking I'll just sync the decrypted drive and add the encrypted folder to SnapRAID excludes.
Is this a good way of doing it? I guess I could sync the encrypted files instead but I would have to leave file names clear to make snapraid fix operations manageable, wich I would prefer not to.
Thanks.
Last edit: deTTriTTus 2015-11-24
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
If you encrypt the whole device snapraid will run for sure but saving (encrypted) data to cloud becomes extremely complicated - encfs is the ideal solution because the data is already split in convenient small(ish) files as opposed to bulk xxxx GB-sized devices.
IF snapraid works at all "inside" clear text (fuse-mounted) filesystems I don't see TOO many issues. I assume if encfs is stable enough for your apps it will be also for snapraid. You might even get quite a bit of security if you have content files on some encrypted filesystem as well if you wish (I wouldn't bother with parity, there's quite a complicate discussion how safe is this).
One important point maybe worth mentioning: encfs encryption isn't deterministic (or it might depend on the options used when making the filesystem, you can check the manual). So in theory if you have the decrypted data you might not be able to get the encrypted data but if you have the encrypted data and the small dot file (which I assume are easy to store+remember) you can always get the decrypted data! This means it is better (reliability-wise) to let snapraid operate on clear (not encrypted) data because in theory if you lose for example too many disks (more than your parity) you'd have a better chance for recovery if you get the clear data from somewhere.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I want to use encfs to encrypt parts of the data that I sync with SnapRAID. I'll then backup the encrypted files on a cloud storage service. I don't need the local data to be encrypted so I don't care if SnapRAID stores unencrypted data.
The (decrypted) encfs drive will always be mounted to be available over smb. As for SnapRAID, i'm thinking I'll just sync the decrypted drive and add the encrypted folder to SnapRAID excludes.
Is this a good way of doing it? I guess I could sync the encrypted files instead but I would have to leave file names clear to make snapraid fix operations manageable, wich I would prefer not to.
Thanks.
Last edit: deTTriTTus 2015-11-24
This is how I would do it.
http://zackreed.me/articles/79-encrypted-snapraid
If you encrypt the whole device snapraid will run for sure but saving (encrypted) data to cloud becomes extremely complicated - encfs is the ideal solution because the data is already split in convenient small(ish) files as opposed to bulk xxxx GB-sized devices.
IF snapraid works at all "inside" clear text (fuse-mounted) filesystems I don't see TOO many issues. I assume if encfs is stable enough for your apps it will be also for snapraid. You might even get quite a bit of security if you have content files on some encrypted filesystem as well if you wish (I wouldn't bother with parity, there's quite a complicate discussion how safe is this).
One important point maybe worth mentioning: encfs encryption isn't deterministic (or it might depend on the options used when making the filesystem, you can check the manual). So in theory if you have the decrypted data you might not be able to get the encrypted data but if you have the encrypted data and the small dot file (which I assume are easy to store+remember) you can always get the decrypted data! This means it is better (reliability-wise) to let snapraid operate on clear (not encrypted) data because in theory if you lose for example too many disks (more than your parity) you'd have a better chance for recovery if you get the clear data from somewhere.