I intend to backup my whole system, secondary and external HDDs to Amazon Cloud. Currently my drives are not encrypted at all. I'm running Windows 10 (no UEFI). I was wondering what is the best way to securely encrypt private data before uploading it to Amazon's cloud? I would like to have on the fly encryption, so there would be no need to create a container any sync it manually with Amazon's cloud software afterwards, but rather sync and encrypt the whole drive in real-time. Quite some people recommend Boxcryptor, but it doesn't support Amazon's Cloud. Cryptomator seems like a good choice, but how secure is it, since it's not open source? There is also Duplicati, SyncBackPro and StableBit, do you have any experience with any? How do they compare? Any other recommendations?
How large a system are you talking about in Gigs?? Also, what level of safety are you wanting? By that I mean just privacy from prying eyes OR wanting to combat a 3 letter agency. The approach is different depending upon that answer. Syncing as you refer to it creates data logistical nightmares when you don't control both ends of the handshake. Placing secure data on a cloud and then returning that data safely and securely is actually easy. However all aspects of that are handled locally because the cloud is unable to do anything to encrypted data. Let me explain. e.g. you can use Macrium Reflect on Win 10 and that software allows you to write out data to a location on the cloud. The data going up to the cloud is already encrypted by Macrium and can only be decrypted or of use to Macrium leaving the cloud provider in the dark (as you want it to be). Then you can setup incremental backups using Macrium so that you won't have to backup the entire system every time. Restores if needed simply reverse the process. In my case I would save the backup (completely) locally and send it up as an encrypted file/folder. Do a sha checksum on it and then record that sum. This allows me to monitor the returned file and before I would use it, I would examine the checksum for certainty of being unchanged. IMPORTANT note: files leaving a computer and headed to a cloud don't travel in a pretty little straight line like you might imagine in your mind. The internet is full of gateways and actors in elevated positions on the connection trace. This means you just cannot allow anything to pass through in plain text or your plan is dead in the water. Encrypt locally and do checksum integrity examinations, which are perfectly determinable.
There's a related discussion at: https://www.wilderssecurity.com/threads/encryption-on-cloud.372933/#post-2455046 I'm not a user, but the closest open source client solution I'd like to trial as an when, is Duplicati. Other users on this site have positive experiences of it, but I can't comment on whether it would work. It nominally has an Amazon S3 interface (amongst others), and does run on Windows and Linux. http://www.duplicati.com/ There has been some progress towards a stable V2.0.
I obviously don't know exactly what you are wanting to do and what resources you have. The free version is limited, but the $99 a year is a steal for what you get. Zero-Knowledge protocol is used with ODrive program. More info https://www.odrive.com/features/encryption I've streamed a few of their live presentations (archived on YouTube) and they are impressive. They bring all of your storage providers (Dropbox, Amazon Cloud Drive and S3, Yandex, and many more) under one application that encrypts everything before it ever leaves your computer. Watch some of the videos. It sounds expensive until you realize how powerful this single service is. Here is their main site https://www.odrive.com/
I have found out this tool just yesterday and it works pretty well: http://rclone.org/ I have uploaded (backed-up) about 5GB of encrypted data to Yandex Disk without a glitch. rclone is just CLI, no GUI but it's easy to use and you can set a cronjob to automate it.
