This may help understand how encryption is performed in rclone
There have been a number of discussions around having a “catalogue” file. This could solve a number of complicated issues. But it’s not easy.
If a remote is defined as encrypted in the rclone.conf file then all actions (eg copy) will be encrypted. You don’t need to mount the remote. It’s how I protect my offsite backups (rclone sync /BACKUPS backups:
type command, and the remote drive is all encrypted/obfuscated