I’ve been backing up some of my larger files to Bluray lately, instead of trying to upload them over a 10 Mbps uplink.
In the past, I used GPG (on a .tar or compressed .tar.xz) or Veracrypt (on a file container) to encrypt at rest, before burning those files onto a standard UDF/ISO9660 optical disc. Now that I use a Linux desktop, I wanted something slightly more native — a method that
- protects the directory structure and filenames without needing to use an archive file (like .tar);
- would be generally unintelligible on a Windows PC (this is a feature, not a bug); and
- could be scripted on the command line for server backups, without requiring a GUI.
Based on some resources online, I settled on using LUKS.