Synology: Backing Up Encrypted Folders

Now that you have an encrypted folder, you may be wondering how to back it up. I will cover the steps in this post.
synology

Before You Start

Encrypted folders can be backed up to an encrypted folder or they can be backed up to an unencrypted folder. Given that encrypted data that is backed up remains in encrypted form, you must backup an entire encrypted folder and the character limit is significantly more likely to be hit when backing up an encrypted folder to an encrypted folder, my recommendation would be to backup to an unencrypted folder.
Note: The backup folder should at least be on a different set of disks, but ideally a separate Synology/backup device.

How To Backup

The steps to configure backup are:

  • Create a shared folder — I recommend leaving this shared folder unencrypted.
  • Main Menu > Backup & Replication > Create > Data backup task.
  • Select either Local Backup Destination or Remote Backup Destination — for security reasons the Public Cloud Backup Destination should not be selected.
  • Select Back up data to local shared folder and enter the shared folder information you created during step 1.
  • Select the secure folder to back up — my preference is one secure folder per backup destination, but this is not a hard requirement.
  • Select applications to back up — this should be none.
  • Enter backup settings — keeping the defaults and entering a backup schedule is sufficient.

If you want, you can run the job now or wait for the schedule to run if configured.

Why Test Backup

I strongly recommend running a backup upon first creating it just to ensure it is working properly. When I first attempted to backup my encrypted folder I did it to another encrypted folder. Upon running the backup job it failed less than a minute in with an unhelpful error message. I looked all over for more detailed information including within Log Center, but I could not determine what was causing the failure. Finally, I decided to SSH into the Synology and tail /var/log/messages. To my surprise, I saw the following:

/var/log/messages:Oct  6 20:41:57 nas01 synolocalbkp: localbkp_copy_file.cpp:111 errno=[36/File name too long] Failed to open file [/volume1/testbak/nas01_1/@secure@/ECRYPTFS_FNEK_ENCRYPTED.FWZgXd3362dtBEbTzc5Upo7m7QuqkpiuIp4iOTIjlDG0tgcFDTJoObbcC---/ECRYPTFS_FNEK_ENCRYPTED.FWZgXd3362dtBEbTzc5Upo7m7QuqkpiuIp4iPukKQv2aqmvTjrsJTAUJuU--/ECRYPTFS_FNEK_ENCRYPTED.FWZgXd3362dtBEbTzc5Upo7m7QuqkpiuIp4inHtnQUnAkJH88v2a2nbRVE--/ECRYPTFS_FNEK_ENCRYPTED.FZZgXd3362dtBEbTzc5Upo7m7QuqkpiuIp4igVdIypmXdVMnilVdApyHuuyqSB9W1RH8sG7MiybTU7k8xmAkRyALaeOU5bb.diLs4-16q8R81IMH-2uvbEmUQU--]

In my case the double encryption results in me hitting the character limit. My directory structure was not deep and my file names were quite short so I suspect this to be a common problem. The resolution was to backup to an unencrypted folder.

Summary

The backup process for Synology is similar to the backup process for other systems. The most important thing to keep in mind when backing up an encrypted folder is that backing up to an encrypted folder is not really necessary and will likely result in issues. Always be sure to test you backups to ensure they are working properly.

© 2015, Steve Flanders. All rights reserved.

5 comments on “Synology: Backing Up Encrypted Folders

dominik says:

i faced same issue, i searched in many source finally got solution using Long Path Tool

Thanks for the comment and I am glad you found it!

Larry says:

Hi,
You mentioned this: “for security reasons the Public Cloud Backup Destination should not be selected.” Could you elaborate?

Hey Larry — thanks for the comment. The reasons why I stated that were because 1) my article talks about creating an unencrypted backup due to potential character limit issues 2) my goal was to get off public cloud storage solutions for reasons outlined in https://sflanders.net/2015/11/20/synology-home-lab-architecture/. I hope this helps.

Weeber says:

As you concluded, if it was up to the Synology and its hamstrung DSM, backing up encrypted shares is almost impossible. It can be done via debian-chroot: mount both encrypted shares, like you would any ecryptfs share, and use rsync to backup the content from one mounted ecryptfs folder to the other… but this is pretty much the same as just backing up the encrypted folder to an unencrypted one. In the end you will just have the encrypted gibberish replicated in the unencrypted share. You can mount it directly under debian-chroot as well.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top