Exclude, not use, "Folder ID" when creating Folder Key

As I understand it, the Folder ID is part of the Folder Key (together with the psw set by the user).

This means that to decrypt a folder using the CLI decrypt, I must not only know the psw but also the Folder ID (either by the token in the .stfolder or by specifying it in the decrypt command), correct?

However, while testing and probably in the future when I use Untrusted/Encrypted to create back-ups on unprotected storage (e.g. in the cloud or on un-encrypted disk), I will in some use cases remove the encrypted folder’s configuration from ST. And when removing the configuration, I “lose” the .stfolder and thus one crucial part of the folder key…

Is it an alternative to create the folder key from only the psw set by the user and not also the folder ID?

No, but I think it’s not great that we remove the token in question. Probably shouldn’t do that.


OK, the “folder id” stays as part of the encryption key!

May I suggest adding to the documentation one of those yellow or red sections pointing out to the user that one needs to have both psw and folder id to decrypt/restore encrypted data.

And possibly also references to the new CLI “decrypt”?


Any chance you might edit the page to add that info yourself? That would be much appreciated :slight_smile:

Sure, I’ll look into it (what and how) and “report back” about progress.

Big step to become (sort of) a contributor… :slightly_smiling_face:


Done: users/untrusted: Info about decrypting data by imsodin · Pull Request #650 · syncthing/docs · GitHub
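
Why the password alone cannot restore the data, as an added sketch that is not Syncthing's code and not part of the thread: when the folder ID is mixed into the key derivation, the same password with a different (or forgotten) folder ID gives an unrelated key. The salt layout, scrypt parameters, sample folder IDs and the `key_check_value` helper are assumptions made for illustration.

```python
import hashlib
import hmac


def folder_key(password: str, folder_id: str) -> bytes:
    """Derive a 32-byte key from the password, with the folder ID in the salt.

    Assumption: the salt prefix and scrypt cost parameters are illustrative,
    not taken from the thread or from Syncthing's source.
    """
    salt = b"example-folder-salt:" + folder_id.encode("utf-8")
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=2**14, r=8, p=1, dklen=32)


def key_check_value(key: bytes) -> bytes:
    """Hypothetical helper: a MAC over a fixed label, stored next to a backup
    so a later restore can confirm it derived the same key."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def can_restore(password: str, folder_id: str, stored_check: bytes) -> bool:
    """True only if password AND folder ID reproduce the original key."""
    candidate = key_check_value(folder_key(password, folder_id))
    return hmac.compare_digest(candidate, stored_check)


# Constructed sample values, not real folder IDs or credentials.
PASSWORD = "correct horse battery staple"
FOLDER_ID = "abcde-12345"
STORED_CHECK = key_check_value(folder_key(PASSWORD, FOLDER_ID))

if __name__ == "__main__":
    print("right password, right folder ID:",
          can_restore(PASSWORD, FOLDER_ID, STORED_CHECK))
    print("right password, wrong folder ID:",
          can_restore(PASSWORD, "vwxyz-67890", STORED_CHECK))
    print("wrong password, right folder ID:",
          can_restore("guess", FOLDER_ID, STORED_CHECK))
```

For backups on untrusted storage this means recording the folder ID together with the password before removing the folder's configuration.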