What is it?

Cryptosync is tool which makes compressed and encrypted incremental backups. That way one can efficiently copy the files to an other location with normal rsync. Not only the filecontents is encrypted, also the filename, mode, owner and groupinformation are stored encrypted.

How it works

Normally when you want to copy a backup to an off-site location, you would make a large tar-file, compress it and then encrypt it. Problem with this is that you have to copy the whole file when only a single file in the tarfile has changed.
Cryptosync instead compresses and encrypts each individual file and copies it to an other location but only the files that have changed. This way, one can use the standard rsync which then will only copy the files that have changed.
The blowfish algorithm is used. For each file the ivec is filled with 8 random bytes (which are stored in the output-file) and the key is set to the password. Before encryption the file is compressed with bzip2.


Usage is normally 2 steps:   1. execute cryptosync to go through the data to backup. changed files will be copied into a datastore for which you select the location
  2. using regular rsync, you copy the changed files of the datastore to the remote location

The datastore contains all your data in compressed and encrypted form.

# copy, compress & encrypt the original files to the datastore
/usr/local/bin/cryptosync --from /home/ --data-store /data/cs.datastore \
	--password mypassword --verbose --sync
# copy the encrypted files to the remote location
rsync --delete -S -e ssh -avz /data/cs.datastore \


cryptosync-1.0.tgz latest release


1.0 corruption fix of the index-file (caused by incorrect handling of symbolic links)
0.2 unknown users could cause a segfault
0.1 Initial release

contact form Winnen in de Staatsloterij! disclaimer