diff --git a/bin/backup-dir b/bin/backup-dir
new file mode 100755
index 0000000..9eacff3
--- /dev/null
+++ b/bin/backup-dir
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+THISDIR="$( pwd )"
+
+DIRBASENAME="$( basename "$THISDIR" )"
+
+if [[ -e /proc/sys/kernel/random/uuid ]]; then
+    UUID=$(cat /proc/sys/kernel/random/uuid)
+else
+    UUID=$(uuidgen)
+fi
+
+HOSTNAME=$(hostname -s)
+
+TS=$(date -u +%Y-%m-%d-%H-%M-%S)
+
+FN="$TS.$HOSTNAME.$UUID.$DIRBASENAME"
+
+BACKUPDEST=notfound
+for DIR in /Volumes/* ; do
+    if [[ -e "$DIR/backup/.sneakbackup" ]]; then
+        BACKUPDEST="$DIR/backup"
+    fi
+done
+
+if [[ "$BACKUPDEST" = "notfound" ]]; then
+    echo "Unable to find backup target disk, exiting." > /dev/stderr
+    exit 127
+fi
+
+echo "Backup disk found at $BACKUPDEST, backing up $THISDIR..."
+
+
+KEYSERVER="hkps.pool.sks-keyservers.net"
+KEYS=""
+KEYS+=" 5539AD00DE4C42F3AFE11575052443F4DF2A55C2" #sneak@sneak.berlin
+KEYS+=" FF2530A4F3F152E8865FC17CA833B7CE3F2CC6FC" #JP Yubi 6192
+KEYS+=" 078BBD04FBE35D665180EF8A476509F749BFD1AD" #JP Yubi 2811
+KEYS+=" 7D1123A022FC90DF389EC65F233196C180B1C28F" #JP Yubi 6643
+KEYS+=" F5A3A83B9E65EA3E1A2A48E5FDA763BDDCFAB8AC" #Yubikey 4928206 20160927
+KEYS+=" B044B27DCB86641AFE3AB274779D07C54EB7CF85" #Yubikey 4953582 20160927
+#KEYS+=" 3FF8DE63855070F8B9CB0D9A67B4CD26470681DA" #Yubikey 4CNano 06931602 20171018
+
+KEYS+=" 1CA168D7E842DFD1745815006F291E6D9AA87738"
+KEYS+=" 726D577AFB82E64049B62A8DA763B92AD841A706"
+KEYS+=" 04630E42D244BC80717D28D51280F730A9AD633C"
+KEYS+=" 5D48805E38B8C2E04103C7728CBD64834BC043EA"
+KEYS+=" 8904EE6400E7B7409CE00AA92084C4563F360B45"
+KEYS+=" FE65DB157D8BF9E4FEDF50DA927353E2C4507A5B"
+KEYS+=" 27CF8E00190D7AF340D8AE55A6C1C5C2083CB579"
+
+GARGS=""
+GARGS+=" --trust-model always"
+GARGS+=" --compress-algo none"
+
+for KEY in $KEYS ; do
+    if ! gpg --list-key $KEY 2>&1 > /dev/null ; then
+	    gpg --recv-key --keyserver $KEYSERVER $KEY
+    fi
+    GARGS+=" -r $KEY"
+done
+
+gpg $GARGS --encrypt "$*"
+
+echo "Backing up to $FN..."
+
+tar -c "$THISDIR" |
+    pbzip2 |
+    gpg $GARGS --encrypt --sign - |
+    pv > "$BACKUPDEST/.$FN.tmp" && \
+    mv "$BACKUPDEST/.$FN.tmp" "$BACKUPDEST/$FN.gpg" && \
+    echo "Backup successful."
+
+exit 0