Encryption Algorithms
This page describes how Duplicati handles encryption
Last updated
Was this helpful?
This page describes how Duplicati handles encryption
Last updated
Was this helpful?
The modular design in Duplicati makes it simple to add new encryption methods, if needed. By default, Duplicati ships with a built-in -based encryption and a -based encryption that requires GPG binaries to be present on the system.
The built-in of the open-specification . The file format ensures that each volume is encrypted with a separate random file-encryption key (FEK), which makes it harder to perform analysis on the encrypted volumes. The file format also adds a signature that prevents modifications to the encrypted volume.
With GPG encryption the implementation requires the GPG binaries to be installed on the system. GPG is available on most Linux distributions, and in most package managers, but can otherwise be obtained via the .
By default, GPG encryption is done with symmetric encryption and default options (), using the provided passphrase. It is possible to supply custom arguments to GPG, to choose a different algorithm, or even set it up to perform asymmetric encryption where only the public key is present on the client.