On 26/02/2024 00:07, Jonathan Hutchins wrote:
Is encryption an option for rdiff-backup?
Not in itself, but you can run rdiff-backup on a system with block
device encryption such as LUKS + dm-crypt, and at the time of writing
this is offered as an option ('encrypt with LUKS') when installing
Ubuntu Server, which makes it easy for a new machine. Ubuntu also now
(v23.10) offers TPM-backed full disk encryption for those who need more
extreme precautions (or are just paranoid), see
https://ubuntu.com/blog/tpm-backed-full-disk-encryption-is-coming-to-ubuntu.
Or use fscrypt or a filesystem that supports encryption natively such as
Bcachefs or ZFS. For some discussion of the relative merits of these
approaches see https://github.com/google/fscrypt.
Or for a backup solution with bundled encryption, look at duplicity
https://duplicity.us/. It uses forward diffs rather than rdiff-backup's
reverse diffs, which IMO is unsatisfactory for long-term regular
backups; but your use case may be different.
