Carbonite backups with encrypted files

I’ve recently begun using Carbonite for backing up my files. Carbonite is a very easy-to-use and works quite well… But, that’s another subject for another post. I did, however, run into some problems when contemplating how the backups are affected by encrypted files. When using TrueCrypt to encrypt files, there are some issues to be aware of.

I wanted to test Carbonite backups with Bitlocker, but I realized Bitlocker only comes with Enterprise and Ultimate editions of Windows 7 and unfortunately I only have the Pro edition. I was told that the best alternative to Bitlocker is TrueCrypt, so I continued my investigation using TrueCrypt.

If you use whole-drive or while-partition encryption, you shouldn’t have any problems backing up the files to Carbonite. Once you startup the computer and unlock the encrypted drive/partition with your key, windows has unlimited access to the files on the system. Because Carbonite runs within windows, you don’t encounter any problems.

However, if you use volume containers (which are single encrypted files stored on your regular partition, which can be mounted as virtual partitions), you can run into some problems. There are two backup options that you could choose, both with issues that you need to be aware of:

  1. You can backup the volume container (.tc) file itself
    1. By default, TrueCrypt is configured so that the container .tc file does not update the time stamp when files within the container are modified. This is a problem because Carbonite relies on the time stamp of the files to determine if it should check them and backup changes to the file. The option to “Preserve modification timestamp” is turned on (meaning that it won’t change the timestamp when contained files are updated) because of potential security threats. The option can easily be turned off in the general TrueCrypt settings.
    2. Even when turning off the “Preserve modification timestamp” option, TrueCrypt does not update the container file’s timestamp (when files within the container change) until after you dismount the container from the virtual partition. The container files are automatically unmounted when the system restarts; therefore, at a minimum, you can expect the encrypted container file to be backed up after every restart.
    3. Carbonite encrypts the content it backs up before it sends it over the wire, and then encrypts it again when it reaches the Carbonite servers (before it stores the backup contents on the server drives). So, when backing up your already-encrypted .tc container files, they end up being triple-encrypted when they are stored on Carbonite’s servers. This isn’t a bad thing, but something to be aware of.
  2. You can backup the files within the container, after the .tc container file is mounted as a virtual partition.
    1. When you restart your computer, you need to make sure you re-mount the container file as a virtual partition (with the same drive letter) at least once every thirty days. Otherwise, your files will be deleted from Carbonite’s backup servers because Carbonite will not be able to find the files and think that they have been deleted.
    2. This is probably the simpler approach, though. Your files are safe; they are encrypted on your computer and they are encrypted on Carbonite’s server.

Leave a Reply

Your email address will not be published. Required fields are marked *