[Borgbackup] impossible to mount encrypted repository (via fuse)

devzero at web.de devzero at web.de
Sat Oct 21 15:28:54 EDT 2017 

from a user perspective, borg does the same as rsync: it saves files to another location. but only those being told to.

you would have the same problem with rsync, i guess.

why should borg read below the fuse mount when rsync doesn't ?

regards
roland

> Gesendet: Samstag, 21. Oktober 2017 um 18:39 Uhr
> Von: "David Luebeck" <ldl08 at gmx.net>
> An: "Thomas Waldmann" <tw at waldmann-edv.de>
> Cc: borgbackup at python.org
> Betreff: Re: [Borgbackup] impossible to mount encrypted repository (via fuse)
>
> 
> 
> Thanks Thomas and Larry for the guidance!
>  
> Ii am trying to summarize the situation (and my understanding) in the hope that it might help others in the future:
>  
> My laptop's OS (Lubuntu) is encryted using the "full disc encryption" that is offered as when installing the OS (alternate installer).
> It seems that in this case the decryption of files and folders in done 'on the fly' by Lubuntu as is required. In other words: most of the files/folders on my hdd remain encrypted until access to them is required, when they are being decrypted.
>  
> This 'decryption on the fly' happens, for example, when a full hdd backup is run by rsync.
> I now understand that when I use borg on my OS (Lubuntu), borg actually does not trigger the OS to decrypt on the fly (unlike rsync). As a consequence, data backed up by borg has been copied in its encrypted form.
>  
> All this is fully unrelated to borg's own encryption mechanism: should I choose not to make use of borg's encryption capabilities, the backup would still be encryted (the original Lubuntu encryption).
>  
> So:
> - using borg's encryption on a fully encrypted hdd results in a double-layered encryption -- which is certainly not what you want
> - if you want to use borg to back up your fully encrypted hdd, you either must a) ensure that borg triggers the OS' "decryption on the fly" of the hdd, or b) must make sure that the OS fully decrypts the entire hdd before you run the backup with borg.
>  
> May I ask whether my understanding so far is correct, and if so, which of the two solutions (a. make borg to trigger the OS to decrypt on the fly OR b. make the OS to fully decrypt the hdd before you run borg) is the way to go.
>  
> Thanks for your clarification,
>  
> David
>  
>  
> It looks like you archived encrypted files (encrypted directory names,
> file names and file content).
> 
> So if that is all you have and you did not also archive the "unencrypted
> view" onto these files (as offered after "opening" the ecryptfs with
> your encryption key / password), your only way to proceed is to extract
> that all and then open it with ecryptfs to get the decrypted view onto it.
> _______________________________________________
> Borgbackup mailing list
> Borgbackup at python.org
> https://mail.python.org/mailman/listinfo/borgbackup
>  
>  _______________________________________________ Borgbackup mailing list Borgbackup at python.org https://mail.python.org/mailman/listinfo/borgbackup

More information about the Borgbackup mailing list