Encryption for remote syncthing device

See

I am using Syncthing across a few computers and have set up an offsite node in another physical location (my parents' house…). It's a Raspberry Pi with an encrypted LUKS volume (external USB drive) that hosts my data. The machine boots from SD, dials home to my network using OpenVPN (client-side certificate, which I can revoke if compromised), then emails me asking me to unlock the encrypted volume (which is done using a simple Node.js app), mounts the data volume, and reloads Syncthing, which will begin syncing from that point on.

If this device gets stolen it'll be disconnected from power and my data remains safe. I still run a risk of a local network exploit while the machine is online, but that risk is low: I've got no open ports (except over the VPN interface) and I run automatic updates daily.

I’d obviously much prefer a syncthing node which doesn’t ever see data in the clear, that would enable proper cloud hosted safe storage, but just wanted to propose this approach to people who are seeking a temporary solution.

6 Likes

What do you guys/gals think about CryFS? I’m planning to use it but do you have any experience with it?

I like the idea in theory (same-size blocks everywhere so we don't give away metadata). But how well does it work in practice, ESPECIALLY on Windows? Most of these dime-a-dozen encryption schemes work flawlessly on Linux (or some FUSE FS) and fall flat on their face on Windows. Maybe they're trying to do too many things in the background?

EncFSMP and EncFS4win are two of the recent things I've tried that just create tons of "weeping and gnashing of teeth" for me on Windows. Oh sure, they START out working just fine… until that day comes when they suddenly lose half your files due to some weird bug. Fortunately I keep offsite backups… but it's hardly a ringing endorsement for trust in them. Or they are just extremely inconvenient to use for some reason. It also makes me leery of ANY of these encryption schemes for Windows that ISN'T BitLocker (or something made by Microsoft directly).

If I may ask, with over 30 backers and over a 1,000-dollar bounty, isn't that enough to put some more effort into this (mind you, I didn't say "implement it")?

If I see correctly, the latest changes are about 2 years old. Are there so many other features or are you running into trouble that this can’t be finished?

I am kindly asking, and genuinely interested to know the reasons behind this not getting more attention.

Thanks!

I think it’s at the back of many people’s minds. There was a pull request the other day that didn’t really cut it but refreshed some ideas. I have a branch with some work in it. Doing it right is not trivial.

3 Likes

Thanks for the reply.

Fair enough.

Well hopefully by keeping this thread alive you guys gain a little motivation :grin:.

This is really the only thing I miss. Keep up the good work!

Hi, I came across Syncthing and would give it a shot. However, the missing "encrypt files on untrusted server" feature is a blocker for me. I don't want to expose my private files to the admins of my web hoster…

Any update on when this feature will be available?

Cheers, Chris

No

I agree that "storing files at non-trusted servers" would be a great feature for Syncthing.

But if ST has no interest in implementing it, what are the other options? Is there an efficient solution for this use-case?

1 Like

Check out https://cryptomator.org/

1 Like

This could be possible as well with git hooks?

Cryptomator is neither free for Android nor open source :frowning:

1 Like

Thumbs down for Cryptomator from me as well. I had looked at it for a long time and it looked nice, but when I downloaded it to my Linux box and tried it, it turned out to be a humongous bloated Java application with its own ideas about how it should be installed, which incidentally makes it useless with just a window manager; it needs one of the "desktop" systems. Huge, heavy stuff. I could almost hear the sigh of relief from my server when I purged the junk from my system. Fortunately there are alternative options out there.

1 Like

Has there been any progress in the last year or did someone find an alternative?

While it is not a real solution, I built a Docker image that should make it more difficult to access your Syncthing filesystem on an untrusted host: https://github.com/PhracturedBlue/syncthing-docker-encrypt

The idea is to encrypt the filesystem with gocryptfs and then make it difficult to either (a) get access to the running image (by using a distroless base image and a multi-stage build) or (b) get access to the gocryptfs key/password.

It is likely that (with some effort) both of these can be subverted by someone with root access to your host while the image is running, so don't consider this real security, but it does raise the bar on how easy it is to do so.

I still hope for a proper client-side solution to encryption someday so that hacks like this aren't needed.

Rclone has a crypt remotes feature. Rclone is also written in Go. Can that help implement crypt repositories for Syncthing?

2 Likes

Hey folks, I see this feature has been highly requested for the last 5 years and there is even a $2K bounty for it right now. I am also dreaming about optionally encrypted remotes, since this would allow me to replace Google Drive with Syncthing.

My guess is that a certain effort has been made in this direction, but there appeared to be certain architectural problems. Am I right about this, or is there just no clear way to provide real security for the solution?

Right now I am thinking about:

  1. investigating the Syncthing code for the possibility of creating a PR with this feature myself, but I don't know Go, so this could take a lot of time;
  2. starting to build my own solution from scratch keeping security in mind, but this should be an even longer way :slight_smile:

The whole project is pretty awesome, especially the fact that its source is open.

P.S. Thanks @PhracturedBlue for sharing this Docker-based solution, I'm gonna give it a shot.

1 Like

Resilio has a reasonable solution to this problem. Basically, you choose whether to trust a server. A trusted server has the encryption key and will store files decrypted on disk. A non-trusted server keeps them encrypted. Network sync is always done using the encrypted file. Of course it isn't open source, and it uses the BT protocol…

I also want to make it crystal clear that my workaround is NOT a solution. Someone with root access to the server can absolutely get access to your files. It just makes it a bit harder to do.

Probably a good start is to read through the draft here: https://github.com/syncthing/syncthing/pull/4331
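Two posts above ask what an "untrusted remote" would actually need from the code: the rclone question about crypt-style repositories in Go, and the Resilio description where a trusted device holds the key and a non-trusted device only ever stores ciphertext. The following is an added illustration written for this thread; it is not Syncthing's, rclone's or Resilio's code and does not match any of their on-disk formats. `FolderKey`, `RemoteName`, `Seal` and `Open` are hypothetical names, and the file content in `main` is constructed sample data. It shows the three properties a practitioner would check for in any such design: the untrusted side sees only an opaque name and an authenticated blob, the same blob presented under a different path fails to open (the remote name is bound in as AEAD additional data), and any bit flip is detected.

```go
// Added example (not Syncthing's or rclone's code): the core primitive an
// "untrusted remote" needs. Only trusted devices hold the folder key; the
// untrusted device only ever sees RemoteName() and the output of Seal().
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// FolderKey is the long-term per-folder secret shared by trusted devices
// (hypothetical name; a real design derives it from a password or exchanges
// it out of band, it is never sent to the untrusted device).
type FolderKey [32]byte

// derive computes HMAC-SHA256(folderKey, label || 0x00 || path). The folder
// key is only ever used as a PRF key, so the per-file content key and the
// name key are independent and neither reveals the other.
func derive(k FolderKey, label, path string) []byte {
	m := hmac.New(sha256.New, k[:])
	m.Write([]byte(label))
	m.Write([]byte{0})
	m.Write([]byte(path))
	return m.Sum(nil)
}

// RemoteName is the opaque object name the untrusted device stores a file
// under. It is deterministic (an update or delete must find the same object)
// but cannot be inverted or forged without the folder key.
func RemoteName(k FolderKey, path string) string {
	return hex.EncodeToString(derive(k, "name", path))
}

// aeadFor returns AES-256-GCM keyed with the per-file content key.
func aeadFor(k FolderKey, path string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(derive(k, "content", path)) // 32-byte key -> AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one file for storage on the untrusted device.
// Blob layout: 12-byte random nonce || ciphertext || 16-byte GCM tag.
// The remote name is authenticated as additional data, so a blob the server
// copies or renames to another path fails to open there.
func Seal(k FolderKey, path string, plaintext []byte) ([]byte, error) {
	aead, err := aeadFor(k, path)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(RemoteName(k, path))), nil
}

// Open decrypts a blob fetched from the untrusted device, verifying that it
// was produced for exactly this path and has not been modified.
func Open(k FolderKey, path string, blob []byte) ([]byte, error) {
	aead, err := aeadFor(k, path)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, errors.New("blob too short to be a sealed file")
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(RemoteName(k, path)))
}

func main() {
	var k FolderKey
	if _, err := rand.Read(k[:]); err != nil {
		panic(err)
	}
	// Constructed sample file, not real data.
	path, content := "docs/notes.txt", []byte("meeting notes: rotate the VPN certs")

	blob, err := Seal(k, path, content)
	if err != nil {
		panic(err)
	}
	fmt.Printf("untrusted device stores %d bytes as %s\n", len(blob), RemoteName(k, path))
	if pt, err := Open(k, path, blob); err == nil {
		fmt.Printf("trusted device reads back: %q\n", pt)
	}
	// Server-side mischief 1: present the same blob under another path.
	if _, err := Open(k, "docs/other.txt", blob); err != nil {
		fmt.Println("blob moved to another path is rejected:", err)
	}
	// Server-side mischief 2: flip one ciphertext bit.
	blob[len(blob)-1] ^= 0x01
	if _, err := Open(k, path, blob); err != nil {
		fmt.Println("modified blob is rejected:", err)
	}
}
```

Two caveats a real implementation has to address that this sketch does not: whole files are held in memory, whereas rclone's crypt remote and the Syncthing draft linked above work in chunks with per-chunk nonces so large files stream; and the deterministic name plus the ciphertext length still leak which files exist and how big they are, which is exactly the metadata the fixed-size blocks of CryFS (mentioned earlier in the thread) are meant to hide.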