2

I have a large number(>50GB) of files I want to back up in encrypted form, and I don't trust the crashplan provided encryption for these files. I'm using ecryptfs and doing this in my /etc/fstab:

/sensitive                         /sensitive-enc ecryptfs        defaults  0 0

So files in sensitive are unencrypted for my local use, and files in /sensitive-enc are encrypted versions of the files in sensitive. I've added /sensitive-enc to my CrashPlan, but their app cannot stat any of the files (apparently they only support fully kernel-space options). I can't change my backup provider, and I can't duplicate all of the files (e.g. encrypt and then back up)

Is there any way to either :

  1. Make this work as-is in CrashPlan?
  2. Use a different pass-through encryption that is kernel-only?

To clarify, I'm hoping to not encrypt the source material, but to use a pass-through encryption scheme

Hamy
  • 225
  • 1
  • 14
  • Buried deep in their terms of service is the admission that CrashPlan does indeed escrow your encryption keys. So you are right not to trust them. – Michael Hampton Aug 31 '14 at 16:07
  • Not for my sensitive data ;-) For my normal data, I enjoy the second layer of encryption that they provide but I don't rely on it – Hamy Aug 31 '14 at 17:44
  • Crashplan also supports providing it an certificate if you do that they don't have the ability but neither do you if you lose it – Ramhound Aug 31 '14 at 19:11
  • Unfortunately on a non-business plan you have to use the same authentication method for all computers--Trying to remotely setup my parents with certificate files is not an option, the escrow certificate + password took long enough ;-) – Hamy Aug 31 '14 at 23:35
  • For others coming later: Even if you provide your own private certificate file, you are trusting that the CrashPlan application is not uploading or storing it somewhere. I'm not that paranoid about this specific data, I would happily use self-provided certs if I didn't have other family members on this plan, but I think it's important for others to realize that they are still trusting Code42 even if they self-provide – Hamy Sep 02 '14 at 22:17

1 Answers1

1

Crashplan will manually scan the directory per your settings- it's not real time in this mode - but it works with your plan.

Braiam
  • 4,709
  • 3
  • 26
  • 57
Matthew
  • 11
  • 1
  • 1
    This doesn't answer my question at all, and it's incorrect--Crashplan cannot possibly "manually scan the directory" if Crashplan only supports kernel-level encryption and I'm using ecryptfs. While I'm happy to be proven wrong, I get the feeling you didn't read the question... – Hamy Sep 02 '14 at 22:13