nFreezer – Backup with no trust needed in your remote server!

Spread the love

nFreezer (for encrypted freezer) is an encrypted-at-rest backup tool, designed specifically for the case when the destination server is untrusted. With nFreezer, the data is safe on the destination server even if a malicious user gets root access to it.
Use case: you can store your private data on a friend’s computer, or on a remote server on which you never had physical access and that you don’t fully trust.


  • encrypted-at-rest: the data is encrypted locally (using AES), then transits encrypted, and stays encrypted on the destination server. The destination server never gets the encryption key, the data is never decrypted on the destination server.
  • incremental and resumable: if the data is already there on the remote server, it won’t be resent during the next sync. If the sync is interrupted in the middle, it will continue where it stopped (last non-fully-uploaded file). Deleted or modified files in the meantime will of course be detected.
  • image graceful file moves/renames/data duplication handling: if you move /path/to/10GB_file to /anotherpath/subdir/10GB_file_renamed, no data will be re-transferred over the network.

    This is supported by some other sync programs, but very rarely in encrypted-at-rest mode.

    Technical sidenote: the SHA256 hashes of the unencrypted files are stored encrypted on the destination (phew!). Thus, no SHA256 hash could be accessed (to get information about your data) in the event of a breach on the destination server.

  • stateless: no local database of the files present on destination is kept. Drawback: this means that if the destination already contains 100,000 files, the local computer needs to download the remote filelist (~15MB) before starting a new sync; but this is acceptable for me.
  • does not need to be installed on remote: no binary needs to be installed on remote, no SSH “execute commands” on the remote, only SFTP is used
  • single .py file project: you can read and audit the full source code by looking at, which is currently < 300 lines of code.

Click HERE for further information.

You might also like