If I may jump in on this topic: it is both very interesting and fairly complex, because you have to consider several different use cases, and most people miss the fact that one of urbackup's most interesting features is that if the same file is present on multiple clients, urbackup will only save it once…
In terms of use cases, would it be fair to summarize the following ones:
- I am OK keeping my backup files unencrypted on my server and across my LAN, but I want to encrypt them during transfer over the internet -> case already covered with internet server transfer.
- I am OK keeping my backup files unencrypted on my server and across my LAN, but I want to encrypt them when sending a copy to a cloud storage -> you can do that by using a third-party tool (arq/allwaysync/goodsync) copying the urbackup db to the cloud.
- I want my backup files encrypted on my server -> can be achieved by using a BitLocker disk-wide encryption solution.
- I want my backup files encrypted on the client side with a key unavailable to the urbackup server administrator -> would require some coding and break the option of not duplicating files on the urbackup server.
- I want my backup files encrypted on each client side separately, but I am OK if the urbackup server administrator can decipher any of them… -> would require coding but shouldn’t be a major challenge. One trick to deal with filenames, attributes and timestamps would be to replace them with a fingerprint (hash based) on the server side. This would allow tracking duplicates without explicitly mapping them to a filename… just a pointer to the db of each client.
Please feel free to comment if I missed something.
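
An added example, not part of the post above and not UrBackup code: an index of hash-based fingerprints as suggested in the last use case, run once with a fingerprint key shared by all clients and once with per-client secret keys (the use case before it), to show where cross-client deduplication survives and where it is lost. `FingerprintIndex`, `backup_all`, the keys and the sample files are hypothetical and constructed for illustration; encryption of the file contents themselves is out of scope here.

```python
import hashlib
import hmac

# Constructed sample data: two clients sharing one identical file.
SAMPLE_FILES = {
    "laptop": {"C:/Windows/notepad.exe": b"same binary",
               "C:/Users/a/notes.txt": b"alice notes"},
    "desktop": {"C:/Windows/notepad.exe": b"same binary",
                "C:/Users/b/todo.txt": b"bob todo"},
}

def fingerprint(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC-SHA256) standing in for a file's content or name."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class FingerprintIndex:
    """Hypothetical server-side index: it only ever sees fingerprints."""

    def __init__(self):
        self.stored = set()  # content fingerprints the server keeps a blob for
        self.catalog = {}    # client id -> {name fingerprint: content fingerprint}

    def put(self, client: str, name_fp: str, content_fp: str) -> bool:
        """Record one file; return True only if a new blob must be stored."""
        is_new = content_fp not in self.stored
        self.stored.add(content_fp)
        self.catalog.setdefault(client, {})[name_fp] = content_fp
        return is_new

def backup_all(keys: dict) -> FingerprintIndex:
    """Back up SAMPLE_FILES for every client using that client's key."""
    index = FingerprintIndex()
    for client, key in keys.items():
        for name, data in SAMPLE_FILES[client].items():
            index.put(client, fingerprint(key, name.encode()),
                      fingerprint(key, data))
    return index

if __name__ == "__main__":
    shared = backup_all({"laptop": b"site-key", "desktop": b"site-key"})
    separate = backup_all({"laptop": b"key-A", "desktop": b"key-B"})
    print("blobs stored, shared key:     ", len(shared.stored))
    print("blobs stored, per-client keys:", len(separate.stored))
```

With a shared key the index still reveals to the server which clients hold identical files, since equal inputs give equal fingerprints; that equality leak is the price of keeping deduplication.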