Would XChaCha20-Poly1305 be ample for this purpose?
Yes. But there’s a saying “Don’t roll your own crypto” that applies here. Cryptography is very much something that should only be done by people who know what they’re doing. Even the pros screw it up from time to time. I’d encourage you to write your own encryption program for educational purposes, but not to rely on it for real security until you get a lot of crypto experience under your belt.
A lot of people here will recommend rclone. This is a good recommendation, but rclone’s crypt remote has a few limitations that you should know about:
It does not obfuscate file sizes or the directory structure and file tree. This could allow an attacker who has access to the ciphertext to identify known collections of files. Don’t count on rclone’s encryption to help you deny being in possession of a pirated copy of The Simpsons, for instance.
It does not protect your files from a malicious cloud provider that wants to truncate or rearrange your files without being detected.
Rclone is still fine for encrypting photos that you took yourself, documents, etc. It’ll keep your private data from being sold on the dark web if your cloud account is hacked and dumped.
I was thinking about using PAR2
PAR2 saved me once when I had important files on a failing hard drive. It probably won’t help you much with cloud stuff though since most competent cloud providers have their own error correction. If you do use PAR2, apply it to the ciphertext, not the plaintext. If you get bit rot, you’ll need to repair the ciphertext to be able to decrypt it if it was encrypted with authenticated encryption.
I have some thoughts on this.
Yes. But there’s a saying “Don’t roll your own crypto” that applies here. Cryptography is very much something that should only be done by people who know what they’re doing. Even the pros screw it up from time to time. I’d encourage you to write your own encryption program for educational purposes, but not to rely on it for real security until you get a lot of crypto experience under your belt.
A lot of people here will recommend rclone. This is a good recommendation, but rclone’s crypt remote has a few limitations that you should know about:
It does not obfuscate file sizes or the directory structure and file tree. This could allow an attacker who has access to the ciphertext to identify known collections of files. Don’t count on rclone’s encryption to help you deny being in possession of a pirated copy of The Simpsons, for instance.
It does not protect your files from a malicious cloud provider that wants to truncate or rearrange your files without being detected.
Rclone is still fine for encrypting photos that you took yourself, documents, etc. It’ll keep your private data from being sold on the dark web if your cloud account is hacked and dumped.
PAR2 saved me once when I had important files on a failing hard drive. It probably won’t help you much with cloud stuff though since most competent cloud providers have their own error correction. If you do use PAR2, apply it to the ciphertext, not the plaintext. If you get bit rot, you’ll need to repair the ciphertext to be able to decrypt it if it was encrypted with authenticated encryption.