Combination of backup with local encryption

[Satlinker]

Would it be possible to combine backup with local file encryption? File encryption progs like gocryptfs produce locally encrypted files that can be mounted in a local folder to work with it unencrypted. Backup of these encrypted files is difficult, deduplication, splitting... doesn't work. Backup of the mounted (decrypted) files needs double de-/encryption and might be unsafe, because the backup prog stores data locally.
So a combination would be great: files are locally encrypted by the backup prog and -only when mounted- the backup can be performed and the user can work with the data. While not mounted, nothing changed and backup is not necessary.

[fracai]

I think all you would need to do is configure duplicacy to backup the mounted (un-encrypted) data. I don't think any cache files would contain clear data and the backup could be arranged to fail if the data isn't mounted.

You might want to bring this up on https://forum.duplicacy.com for more details.

[Satlinker]

fracai: I don't think any cache files would contain clear data...
That needs to be verified. Is local cache, password... safe?
What about the other way round: would it be possible to store the first encrypted backup locally, mount it as a local filesystem to work with the data and make all following backups from this first backup? Then you don't need the unencrypted data anymore.

[fracai]

fracai: I don't think any cache files would contain clear data...
That needs to be verified. Is local cache, password... safe?

I don't know what you mean by "safe". Usually if you can't trust your local storage you have bigger problems to resolve.

I can say that you don't need to store any encryption keys on disk and would need to enter them manually in order to access or add to your backups, unless you store them some other way.

What about the other way round: would it be possible to store the first encrypted backup locally, mount it as a local filesystem to work with the data and make all following backups from this first backup? Then you don't need the unencrypted data anymore.

There has been work to make backups mountable via fuse, though I don't think it's been merged. Regardless, the local mount wouldn't be writeable so your options for "working with the data" would be limited to read-only. If you then remove the original unencrypted data, your backup is now your only copy and isn't exactly a "backup" anymore.

It sounds like you're looking to use duplicacy as a live, encrypted file system, which it certainly wasn't designed for.

I do think it would be possible, and secure, to create an encrypted file system with some other tool, mount that FS, move your data in there, and create duplicacy backups of that mounted FS.

I suggest starting a thread on https://forum.duplicacy.com/ to discuss this further.