Obnam should use AEAD in order to provide not only confidentiality, but also integrity protection.

The individual chunks should be linked together using the "AD" bit in the AEAD scheme. This binds the data to its context and thus prevents an attacker from replacing one chunk with another otherwise valid chunk.

How exactly this should be done depends strongly how the data is laid out. See https://gitlab.com/larswirzenius/obnam/-/issues/62