search

Encrypting and decrypting files

This page describes how to work with encrypted files outside of normal operations

In normal Duplicati operations, the files at the remote destination should never be handled by anything but Duplicati. Changing the remote files will always result in warnings or errors when Duplicati needs to access those files.

However, in certain exceptional scenarios, it may be required that the file contents are accessed manually.

hashtag
Processing files encrypted with AES encryption

The files encrypted with the default AES encryption follows the AESCryptarrow-up-right file format, so any tool that supports the AESCrypt file formatarrow-up-right can be used to decrypt and encrypt these files.

For convenience, Duplicati also ships with a command line binary named SharpAESCrypt that uses the same library that is used by Duplicati. This tool can be used to decrypt the remote volume files with the encryption passphrase, as well as encrypt files.

hashtag
Processing files encrypted with GPG encryption

Files encrypted with GPGarrow-up-right can choose one of the many ways, and a general overview of how GPG works can be found in the GPG man-pagesarrow-up-right. When using the default options, Duplicati will use the symmetric mode for GPG. In this mode, you can use this command to decrypt a file:

gpg -d volume.zip.gpg -o volume.zip

And similarly, to encrypt a file, you can use:

gpg --symmetric volume.zip -o volume.zip.gpg

hashtag
Re-compress and re-encrypt

If you need to switch from GPG to AES, or vice-versa, you can use the Recovery Tool to automatically process all files on the storage destination. The recovery tool also supports recompressing or changing the compression method.

If you use this method, make sure to recreate the local database.

PreviousUsing remote file lockingNextUsing Duplicati from the Command Line

Last updated

Was this helpful?