HashBackup creates encrypted, deduplicated, compressed backups on local and/or remote storage, with a key known only to you. These design goals have guided the development of HashBackup since 2009:

  • ensure high security in a convenient way

  • be easy to use for simple backup situations

  • provide optional features for more complex backups

  • make efficient use of CPU, memory, and disk resources

  • minimize remote operations and storage costs

  • hide complexity on the inside, show simplicity on the outside

  • minimize frustration with great documentation

  • prioritize solving customer problems over new development

Backing Up

In the simplest situation, you have some files to backup. That can be as easy as 2 short commands, init and backup:

$ hb init -c hb
HashBackup build #2197 Copyright 2009-2019 HashBackup, LLC
Backup directory: /Users/jim/hb
Permissions set for owner access only
Created key file /Users/jim/hb/key.conf
Key file set to read-only
Setting include/exclude defaults: /Users/jim/hb/inex.conf

VERY IMPORTANT: your backup is encrypted and can only be accessed with
the encryption key, stored in the file:


You MUST make copies of this file and store them in secure locations,
separate from your computer and backup data.  If your hard drive fails,
you will need this key to restore your files.  If you have setup remote
destinations in dest.conf, that file should be copied too.

Backup directory initialized

$ hb backup -c hb IMG_*
HashBackup build #2197 Copyright 2009-2019 HashBackup, LLC
Backup directory: /Users/jim/hb
Backup start: 2019-03-25 11:41:40
Copied HB program to /Users/jim/hb/hb#2197
This is backup version: 0
Dedup not enabled; use -Dmemsize to enable

Time: 0.4s
CPU:  0.3s, 68%
Mem:  65 MB
Checked: 15 paths, 9395547 bytes, 9.3 MB
Saved: 15 paths, 9395547 bytes, 9.3 MB
Excluded: 0
Dupbytes: 0
Space: 9.3 MB, 9.4 MB total
No errors

Showing the contents of the backup is just as easy:

$ hb ls -c hb
HashBackup build #2197 Copyright 2009-2019 HashBackup, LLC
Backup directory: /Users/jim/hb
Most recent backup version: 0
Showing most recent version
/  (parent, partial)
/Users  (parent, partial)
/Users/jim  (parent, partial)
/Users/jim/hb  (parent, partial)

The basic backup operation reads files, splits large files into blocks, merges small files into blocks, writes groups of blocks into encrypted, compressed, deduplicated "arc" (archive) files, and records the relationship of all backup data in a database so that the original data can be reconstructed on demand.

Backups are taken periodically, with only changed data being stored. Many versions of a file can be stored in the backup. A site retention policy specifies which versions to keep and for how long. This is implemented in HashBackup with the retain command, also run periodically.

Removing Files

It sometimes happens that large or confidential files are included in a backup by mistake. To remedy this, HashBackup allows removing files and directories from the backup with the rm command, but only by the owner who saved the files. Confidential data can be removed immediately and permanently.

Access Control

As more features are added to manage the backup, it becomes important to restrict access in various ways:

  • password protection for individual commands

  • password protection for encryption keys

  • public key encryption for "write-only" backups

  • storing remote credentials in the encrypted database

Offsite Backup

The backup made above is not very useful because it resides in the same filesystem as the items backed up. There are 2 ways to separate your backup from your data:

  • write the backup to a different physical disk with -c

  • send backup data to another location using Destinations

HashBackup supports many different kinds of destinations, from local storage and local servers to remote storage. One backup can be sent to multiple destinations, and HashBackup ensures that all destinations remain in sync so that any of them can be used for restores. New destinations can be added at any time and all historical backup data is automatically synced to the new destination.

Managing Space

This brings up a question: how much backup data should be kept locally, for quick access, and how much should be only on remote destinations to conserve local disk space? And when old versions of files are removed from the backup, how is space managed on remote destinations? These are handled with:

  • config options to set limits on locally stored backup data

  • config options to control how remote data is managed (packing)

Backup Integrity

It is also important to be sure that the backup data is accurate and can be relied on when needed. HashBackup has many features related to backup integrity:

  • an extensive selftest command to check backup data, with optional random sampling and incremental selftest over time

  • the use of strong cryptographic checksums (hashes) to verify backup data

  • commands to check remote data, either quickly or more exhaustively

  • unalterable audit logs to record what has been done to the backup

  • detailed statistics for monitoring growth, space requirements, and utilization

Restoring Files

Of course, the main purpose of any backup software is to provide the original data when needed. This happens via:

  • a mount command, to present the backup as a regular filesystem

  • the get command, to restore files from the backup

  • the recover command, to recreate the backup directory from remote data (disaster recovery)


We all realize that software and the environments it runs in and connects with, are constantly changing and in need of upgrades, and may sometimes behave in unexpected or even incorrect ways. Great documentation has been provided so that in most cases, problems can be solved on your own with a little reading. A detailed Release Log explains changes in every release. Bugs and customer issues are prioritized over new development, so if you think you have run into a bug, please send an email!


For simple situations HashBackup can be very simple to use, and this is a good way to get familiar with it. As the situation gets more complex, HashBackup has the optional features necessary to accommodate nearly any backup scenario.

Enjoy your adventure with HashBackup!