LogoLogo
  • Duplicati Documentation
  • Getting Started
    • Installation
    • Set up a backup in the UI
    • Running a backup
    • Restoring files
  • Detailed descriptions
    • Choosing Duplicati Type
    • Using the secret provider
      • Local providers
      • Cloud providers
      • Advanced configurations
    • Using remote management
      • Using remote control with agent
    • Migrating Duplicati to a new machine
    • Scripts
    • Sending reports
      • Monitoring with Duplicati Console
      • Sending reports with email
      • Sending Jabber/XMPP notifications
      • Sending HTTP notifications
      • Sending Telegram notifications
      • Custom message content
    • Duplicati Access Password
    • Import and export backup configurations
    • Filters in Duplicati
    • The local database
    • The server database
    • Preload settings
    • Retention settings
    • Using Duplicati with Linux
    • Using Duplicati from Docker
    • Using Duplicati with MacOS
    • Using Duplicati with Windows
    • Running a self-hosted OAuth Server
  • Using tools
    • Encrypting and decrypting files
    • Using Duplicati from the Command Line
    • Recovering from failure
    • Disaster recovery
  • Backup destinations
    • Destination overview
    • Standard based destinations
      • File Destination
      • S3-compatible Destination
      • FTP Destination
      • SFTP (SSH) Destination
      • WebDAV Destination
      • OpenStack Destination
      • Rclone Destination
      • CIFS (aka SMB) Destination
    • Provider specific destinations
      • Backblaze B2 Destination
      • Box.com Destination
      • Rackspace CloudFiles Destination
      • IDrive e2 Destination
      • Mega.nz Destination
      • Aliyun OSS Destination
      • Tencent COS Destination
      • Jottacloud Destination
      • pCloud Destination
      • Azure Blob Storage Destination
      • Google Cloud Storage Destination
      • Microsoft Group Destination
      • SharePoint Destination
      • SharePoint v2 (Graph API)
      • Amazon S3 destination
    • File synchronization providers
      • Dropbox Destination
      • Google Drive Destination
      • OneDrive Destination
      • OneDrive For Business Destination
    • Decentralized providers
      • Sia Destination
      • Storj Destination
      • TahoeLAFS destination
  • Duplicati Programs
    • TrayIcon
    • Server
    • Command Line Interface CLI
    • Service and WindowsService
    • Command Line Tools
      • AutoUpdater
      • BackendTester
      • BackendTool
      • RecoveryTool
      • SecretTool
      • SharpAESCrypt
      • Snapshots
      • ServerUtil
    • Agent
    • LICENSE
      • Duplicati Inc & Open Source
      • License Agreement
    • OAuth Server
  • SUPPORT
  • Installation details
    • Release channels and versions
      • Upgrading and downgrading
      • Downgrade from 2.1.0.2 to 2.0.8.1
    • Package options
    • Developer
  • TECHNICAL DETAILS
    • Architecture Premises
    • Understanding Backup
      • How Backup Works
      • Encryption Algorithms
      • Backup size parameters
    • Understanding Restore
      • How Restore Works
      • Disaster Recovery
    • Database versions
    • Server authentication model
    • Option formats
Powered by GitBook
On this page
  • Processing files encrypted with AES encryption
  • Processing files encrypted with GPG encryption
  • Re-compress and re-encrypt

Was this helpful?

Export as PDF
  1. Using tools

Encrypting and decrypting files

This page describes how to work with encrypted files outside of normal operations

PreviousRunning a self-hosted OAuth ServerNextUsing Duplicati from the Command Line

Last updated 5 months ago

Was this helpful?

In normal Duplicati operations, the files at the remote destination should never be handled by anything but Duplicati. Changing the remote files will always result in warnings or errors when Duplicati needs to access those files.

However, in certain exceptional scenarios, it may be required that the file contents are accessed manually.

Processing files encrypted with AES encryption

The files encrypted with the default AES encryption follows the file format, so can be used to decrypt and encrypt these files.

For convenience, Duplicati also ships with a command line binary named that uses the same library that is used by Duplicati. This tool can be used to decrypt the remote volume files with the encryption passphrase, as well as encrypt files.

Processing files encrypted with GPG encryption

Files encrypted with can choose one of the many ways, and a general overview of how GPG works can be found in the . When using the default options, Duplicati will use the symmetric mode for GPG. In this mode, you can use this command to decrypt a file:

gpg -d volume.zip.gpg -o volume.zip

And similarly, to encrypt a file, you can use:

gpg --symmetric volume.zip -o volume.zip.gpg

Re-compress and re-encrypt

If you need to switch from GPG to AES, or vice-versa, you can use the to automatically process all files on the storage destination. The recovery tool also supports recompressing or changing the compression method.

If you use this method, make sure to .

AESCrypt
any tool that supports the AESCrypt file format
SharpAESCrypt
GPG
GPG man-pages
Recovery Tool
recreate the local database