In developing a new (and hopefully more straightforward and user-friendly than what exists today) GUI-based, Time Machine-like backup utility for Ubuntu, I decided to use EncFS for encryption of backups. EncFS is a cryptographic filesystem, aiming to make securing data easy. To do this, it implements a user-space, stackable cryptographic filesystem. It has a relatively gentle learning curve compared to other Linux encrypted filesystems.
Ensuring that EncFS would maintain fidelity of files once encrypted and then decrypted again is of critical importance, as if data loss is encountered due to failure in the underlying cryptographic components, then any other part of the backup software would be for naught. Full system backups need to preserve, among obvious components like file names, paths, and data, links (both symbolic and hard), modification times, and extended attributes. In verifying EncFS’s ability to preserve these components during both forward and backward encryption, I quickly found that when using EncFS, if a symlink to a regular file exists in a decrypted directory, the extended attributes on the target of the link cannot be read.
I’ve patched this problem in EncFS myself, though backporting these patches into Ubuntu through official channels (the EncFS owner) seems to not be a frequent occurrence. So, I’ve patched EncFS for the currently supported versions (as of 3/24/2017) of Ubuntu (14.04, 16.04, and 16.10) and placed these patches in my own PPA.
Anyone wishing to ensure that their EncFS maintains proper extended attributes on files passed through symlinks may use my PPA to easily update their version.
sudo add-apt-repository ppa:track16/ppa
sudo apt-get update
sudo apt-get install encfs
and you’re done!