Signing already-encrypted files (all to self)?

Peter Lebbing peter at
Sat Nov 12 18:18:38 CET 2011

On 12/11/11 14:45, Chris Poole wrote:
> I don't remember asking it before, but one reason I don't like Truecrypt is
> that I use Duplicity to backup my local files, so having the individually
> encrypted makes things easier (since it'll just ignore the ones already
> backed up). Adding them to the truecrypt container would cause the entire
> thing to change (ignoring homomorphic encryption or things iterating towards
> that).

I think it was someone else (carrying an USB stick with a lot of individually
encrypted files) who mentioned disliking Truecrypt for their purpose.

For backups, you can get away without resorting to homomorphic encryption and
still have a small data transfer from live system to backup, at the cost of a
lot of sequential disk I/O at both sides.

In Truecrypt, only changing information changes (or rather, the sector or block
containing it). So if you have no problem with f.e. rsync doing rolling
checksums to find the parts that have changed, the actual data transfer will
still be rather small. But the rolling checksums are of course much more
intensive than a simple metadata check of each individual file, which is
probably what your setup does with individually encrypted files.


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at

More information about the Gnupg-users mailing list