When copying encrypted local storage to cloud, should it be encrypted again?

I used Duplicacy to create an encrypted local backup of my 1TB of files. Now, the day after, I want to do a Copy command to copy that local backup to my Backblaze B2 cloud storage. But I’m unsure if I should have Duplicacy encrypt the copy as well. It feels pointless, since Duplicacy already encrypted it when creating the local backup. I assume encrypting the copy takes time and resources, so I might as well avoid it if I can, right? Is there any reason to encrypt the copy?

Thanks!

If you want your data at Backblaze to be encrypted, you should initialize duplicacy storage there with encryption.

The reason to encrypt the copy is the same — zero trust approach. You don’t want Backblaze to be able to read your data.

Duplicacy uses very fast encryption, it’s never a bottleneck.

I don’t understand. If Duplicacy already encrypted the data when it made a local backup, how would Backblaze be able to read my data? The data Backblaze would see are encrypted Duplicacy chunks.

`duplicacy copy` reads data from your source storage, decrypts it using keys from source storage, then repacks and re-encrypts it using keys from target storage and uploads to target storage.

If your target storage is not encrypted, your data will be readable by anyone.

In fact, IIRC the fact that you don’t encrypt target storage does not save you any CPU time: the data is still encrypted with the keys from the config file; it’s just that the config file itself is plaintext if the encryption was not specified at the time of storage initialization.

More details here: Duplicacy paper accepted by IEEE Transactions on Cloud Computing

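A check for the point made in the reply above, added here as an example and not part of the thread or Duplicacy's own code: it tells a plaintext storage `config` file from an opaque one, given a local storage directory or a downloaded copy of the bucket's `config`. It assumes the file is named `config` at the storage root and that an unencrypted one is a JSON object; the sample contents are constructed.

```python
import json
import tempfile
from pathlib import Path


def classify_config(data: bytes) -> str:
    """Classify raw bytes of a storage `config` file."""
    if not data:
        return "empty"
    try:
        parsed = json.loads(data.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return "opaque"  # not readable as-is; consistent with an encrypted config
    # Assumption: an unencrypted config is a JSON object.
    return "plaintext" if isinstance(parsed, dict) else "opaque"


def check_storage(storage_dir) -> str:
    """Return 'plaintext', 'opaque', 'empty' or 'missing' for a storage directory."""
    config = Path(storage_dir) / "config"
    if not config.is_file():
        return "missing"
    return classify_config(config.read_bytes())


def demo() -> dict:
    """Run the check on three constructed storage directories."""
    with tempfile.TemporaryDirectory() as root:
        plain, sealed, absent = (Path(root, n) for n in ("plain", "sealed", "absent"))
        for d in (plain, sealed, absent):
            d.mkdir()
        # Constructed sample contents, not real Duplicacy files.
        (plain / "config").write_bytes(b'{"constructed-field": "value"}')
        (sealed / "config").write_bytes(bytes(range(128, 256)))
        return {d.name: check_storage(d) for d in (plain, sealed, absent)}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A `plaintext` verdict on the target means the storage was initialized without encryption, so the keys in that file are readable by anyone who can read the storage.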

I see. Thanks. But this now makes me wonder: if I encrypt both the local backup and the “-copy” job, do I also need to encrypt my Backblaze B2 bucket? If I understand correctly, Duplicacy will have already encrypted my data, so Backblaze just sees encrypted chunks. I just want to make sure. (I have nothing else in the B2 bucket but my Duplicacy copy).

Correct, there is no reason to use Backblaze encryption in this scenario.
