I’m wondering, is there a way I decrypt a single file or a selection of files from an untrusted folder? Or is there some way I can easily run Syncthing decrypt once like in verify mode, retrieve some sort of data (CSV, TSV, JSON) of encrypted file name = plaintext file name and in the second stage I tell Syncthing to which file(s) I want to have?
It doesn’t have to be perfect, I’m fine if I have to write a script for that. GitHub - charmbracelet/gum: A tool for glamorous shell scripts 🎀 could be quite useful to to get some of the UX parts of a shell script done with ease. Some of use cases either have resource constraints or I simply just don’t want to wait for a larger folder to decrypt completely. Right now from what I can see I would have to process the output of verify myself
I don’t think there’s a way to do this currently. Maybe the easiest would be to add a parameter to syncthing decrypt to match on the plaintext file name.
For what it’s worth, here’s a manual process that works today which you may be able to script.
First, run syncthing decrypt --verify-only --verbose to get a mapping from encrypted files to plaintext files. You’ll get something like this for a file you’re interested in:
Processing "3.syncthing-enc/G6/3C6IDQH6BB25CNROFUEEKV8GK9GLL5DIGKQB0VC0J81BQE0760RIPHS38LNIPFVUA376O38"
Plaintext filename is "2022/track-20220530-074220.gpx"
Then, copy the encrypted file and the folder marker to a temporary directory. Here, my encrypted data is in nmea.encrypted and I’m creating a temporary copy in tmp/ext.
