I am using duplicati a while now and have read a lot about the techniques used for storing sensitive information.
Correct me if I am wrong or something is outdated (I have seen many old posts)…
- Backup passphrases(also remote host info) are stored at the Duplicati-server.sqlite as plain text( I am using windows and couldn’t see the info of the db as I get the error message ‘this is not a database’).
- In windows this Duplicati-server.sqlite is being encrypted-Not that good for a hacker though- but no to other OSes.
I have been experimenting with the backend lately and got the idea to add some code (duplicati\Duplicati\Server\Database\Connection.cs) to encrypt the data before storing them to the db and decrypt them everytime I retrieve them in LoadChildren() (duplicati\Duplicati\Server\Database\Backup.cs). Just so that they are not stored as plain text in the db.
Would that work? If no, why?
Also, does the local database of each backup has any sensitive data?
I am a newbie in coding and security concepts in general so any help would be much appreciated.