Aren't there ways with PGP to encrypt files? I remember dabbling with it a while ago.
Linux
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
This would only work on single files or archives, but yes probably a good idea. I think cryptomator slices up files into equal pieces and then encrypts both, protecting against analysis of file types, but being sync-friendly.
Borg backup is the way to go for this.
Its designed to have encrypted repos that are send to any destination remote or local.
I second Borg. It's fantastic.
Does that work with Nextcloud too? So send the encrypted stuff to Nextcloud or copy to another dir at least?
You use it to take the NextCloud files (set the NextCloud directory as a source) and Then you sent the files to a backup repository (destination).
You don't send the backup files to a NextCloud install. That's not the correct way to use the tool.
I self host a Borg repository in docker so the backup gets sent locally and then I also use borgbase as offsite backup.
You can have as many sources and destinations as you want
I am not sure I understood. I have a Nextcloud client and sync to a server I dont trust. Or that I dont want to encrypt with LUKS.
And I want to open decrypted tiles, use them and save them encrypted to a directory that I sync with Nextcloud.
No, I don't have an answer to your question. But I have one: is there a reason you aren't using a backup tool with integrated encryption, like restic, for this? It sounds as if you're doing encrypted backups, but the hard way.
I use Nextcloud and may use other solutions too.
All the rest is with syncthing between trusted devices
You can use LUKS for something like this too by mounting a file through a loop device and then using it like any other disk/filesystem. For more details, see: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_a_non-root_file_system#File_container
Cool! That sounds like a great option.
Why not just compress a directory then encrypt that?
It needs to be repeatable easily and easy to use for sync. This method would always encrypt everything new.