Truecrypt Rsync Container

Question

Is there a good way to incrementally sync truecrypt containers? I currently have large containers (200gb+), and I'd like to find a way to back them up without having to mount them. Rsync seems to not be able to sync incrementally and instead tries to re-transfer the whole container each time even when only a single file inside the container changed.

Is there some rsync patch or some specific option to make rsync look harder for differences instead of transferring the whole file? Or, is there some better tool to do this?

Daniel Hanrahan · Answer 1 · 2013-08-17T17:19:31.733

I've just tested rsyncing a TrueCrypt container to a remote host.

Incremental backups do in fact work. Initial transfer of a 128 MB container:

bash$ rsync -v --progress --checksum --inplace test.tc $REMOTE_HOST:
test.tc
   134217728 100%  339.51kB/s    0:06:25 (xfer#1, to-check=0/1)

sent 134234196 bytes  received 31 bytes  338547.86 bytes/sec
total size is 134217728  speedup is 1.00

Then I copied a file to the TrueCrypt volume and rsynced again:

bash$ rsync -v --progress --checksum --inplace test.tc $REMOTE_HOST:
test.tc
   134217728 100%   49.42MB/s    0:00:02 (xfer#1, to-check=0/1)

sent 162256 bytes  received 81140 bytes  23180.57 bytes/sec
total size is 134217728  speedup is 551.44

As you can see, after adding a file to the container, the second transfer was only 160 KB.

Notes:

the --checksum option tells rsync to use checksums instead of only looking at the mod-time and size; if you don't do this, rsync won't know that the volume changed.
the --inplace option tells rsync to update the destination file in-place.

score 3 · Answer 2 · edited Jul 23 '13 at 11:42

It seems this has been solved.

From the rsync website:

We are happy to report that the internal structure of truecrypt disk images make it possible to efficiently rsync them to a remote location. This means that after the initial (complete) upload of your TrueCrypt disk image, subsequent uploads will efficiently transfer only the changes that have been made to the encrypted filesystem since its last upload.

score 2 · Answer 3 · answered Aug 14 '11 at 05:58

Unfortunately, due to the nature of stream encryption, it is not possible to incrementally back up an encrypted volume. This is because the entirety of the volume is cryptographically dependent on each individual part. This is for security reasons. You will need to either decrypt the container, or copy the container entirely each time.

score 1 · Answer 4 · answered Aug 14 '11 at 06:51

RSync is a good tool for this because of its "delta-transfer" feature (which is enabled by default) that only transfers changed sections of files.

The fact that your file is at least 200 GBs means that when RSync reads the entire file to detect changes, it's likely that you're getting the impression that the whole file may be getting transferred instead of only its changes.

Truecrypt Rsync Container

4 Answers4