I am aware the Encrypted/untrusted device feature is currently in beta; however, I would suggest incorporating the encryption function into the existing folder types (e.g. Send Only, Receive Only, Send & Receive).
To enable encryption, one simply sets a password on a folder. This will enable encryption when sending and/or receiving folder data. This is in line with the current encryption function (e.g. the device with the password encrypts the local data when sent to other devices), but also allows each file to be encrypted from any sending device. Each device can encrypt its own local file data, and optionally, if the passwords are the same on each device, then the file(s)/folder data can be ‘sent encrypted’ → ‘received to be decrypted’. This will also harden data, with encrypted data transfers (e.g. unsafe relays, interception, ISPs, etc.).
Using encryption with the existing Folder Type Functions
Local changes with a folder password, get sent encrypted to the devices for:
- “Send & Receive” folder types: the device sends and accepts changes to the folder. If the other devices have the same password, then the data is decrypted accordingly and updates the data/file. If the other device does NOT have the same password or has no password for that folder, then the data remains encrypted and unable to be changed - so it acts like a “Receive Only” for that file, unless the same password is provided.
- “Send Only” folder types: the device sends encrypted data only. If the other device has the same password, then the data is decrypted and visible. If the other device does not have a matching password, then the data remains encrypted and cannot be modified/changed/updated - it acts like a “Receive Only” for that file, unless the same password is provided.
- “Receive Only” folder types with a password: if the device receives encrypted data (local changes are not allowed) and the device has no matching password for that file/folder, then BAU - receive only + non-visible file (encrypted). If the device has a matching password, then the data is decrypted and visible, but local data updates still do not propagate.
Basically (similar to the current way):
- data sent (a-end) without a password set for the folder, OR with a password so data is sent with encryption → data received with the same password (i.e. decrypted on the b-end) = BAU 3x Folder Type functions.
- data sent (a-end) with a password (i.e. encrypted) → no matching password = data received encrypted and remains encrypted.
However, allowing the 3 folder types WITH a password on the receiving devices allows those devices to manage their own source data/files when sending to the cluster, as per current folder types but WITH encryption.
(To turn off encryption, one either uses the same password on each device OR one simply does not provide any passwords for that folder on any device (as per current).)
Also, using a Seamless Transition for Encryption <-> Un-Encryption
Also, the ability to simply switch encryption on/off needs to be fluid. When changing from non-encryption to encryption, one should simply add a password to enable encryption (a transparent re-sync of encrypted data should occur, removing unencrypted data… rather than a folder re-add), and when encryption is disabled/removed, Syncthing should resync all existing data unencrypted transparently, without the need to re-add the folder…
Using a password to encrypt (and optionally decrypt on the receiver) also functions to determine if file/data changes are able to be sent/received or both. This is similar in principle to the 3 Folder Types logic, only instead of the unchangeable data being readable (unencrypted), it's unreadable (encrypted).
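As an added illustration of the rule set sketched in this post (this is example code written here, not part of the post and not Syncthing's own implementation), the following Go model combines a folder type with an optional folder password and shows what each peer ends up holding: matching passwords decrypt, a missing or wrong password leaves the file stored as opaque ciphertext, and a ciphertext altered by a device that could not open it is rejected by the peers that can. AES-256-GCM with a PBKDF2-derived key, the `ENC1` marker, the per-file associated data and the `Device`/`Stored` types are all assumptions made for the example; Syncthing's real untrusted-device feature uses its own construction and wire framing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// FolderType mirrors the three existing Syncthing folder types the post refers to.
type FolderType int

const (
	SendReceive FolderType = iota
	SendOnly
	ReceiveOnly
)

// Device is a hypothetical per-device folder configuration: folder type plus the
// optional folder password proposed in the post. An empty password means "no encryption".
type Device struct {
	Name     string
	Type     FolderType
	Password string
}

// Stored is what a device ends up holding for one file: readable plaintext, or
// opaque ciphertext it could not open (Encrypted == true).
type Stored struct {
	Data      []byte
	Encrypted bool
}

// magic marks an encrypted payload; a real protocol would carry this as a message flag.
const magic = "ENC1"

// pbkdf2SHA256 is a small PBKDF2-HMAC-SHA256 written inline to stay standard-library
// only. A production design would use a memory-hard KDF (scrypt/Argon2) at higher cost.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	ctr := make([]byte, 4)
	for block := 1; len(dk) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		binary.BigEndian.PutUint32(ctr, uint32(block))
		prf.Write(ctr)
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for n := 2; n <= iter; n++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for i := range t {
				t[i] ^= u[i]
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// newAEAD derives the folder key from the password, salted with the folder ID so the
// same password yields a different key per folder (assumption for this example).
func newAEAD(password, folderID string) (cipher.AEAD, error) {
	key := pbkdf2SHA256([]byte(password), []byte("folder:"+folderID), 10_000, 32)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send produces the wire payload for a local change. Receive Only devices never send
// local changes; a device with a password sends ciphertext, otherwise plaintext (BAU).
func (d Device) Send(folderID, name string, plaintext []byte) ([]byte, error) {
	if d.Type == ReceiveOnly {
		return nil, errors.New(d.Name + ": receive-only folder does not send local changes")
	}
	if d.Password == "" {
		return plaintext, nil
	}
	aead, err := newAEAD(d.Password, folderID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Associated data binds the ciphertext to folder and path so a peer that cannot
	// decrypt also cannot silently swap one file's ciphertext for another's.
	ct := aead.Seal(nil, nonce, plaintext, []byte(folderID+"/"+name))
	return append(append([]byte(magic), nonce...), ct...), nil
}

// Receive applies an incoming payload. Send Only devices accept nothing (as today).
// Ciphertext is decrypted only when the passwords match; a missing or wrong password,
// or a tampered ciphertext, leaves the file stored encrypted and unreadable.
func (d Device) Receive(folderID, name string, payload []byte) (Stored, error) {
	if d.Type == SendOnly {
		return Stored{}, errors.New(d.Name + ": send-only folder does not accept remote changes")
	}
	if !bytes.HasPrefix(payload, []byte(magic)) {
		return Stored{Data: payload}, nil // sender had no password: BAU
	}
	if d.Password == "" {
		return Stored{Data: payload, Encrypted: true}, nil
	}
	aead, err := newAEAD(d.Password, folderID)
	if err != nil {
		return Stored{}, err
	}
	body := payload[len(magic):]
	ns := aead.NonceSize()
	if len(body) < ns {
		return Stored{}, errors.New("payload too short")
	}
	pt, err := aead.Open(nil, body[:ns], body[ns:], []byte(folderID+"/"+name))
	if err != nil {
		// GCM cannot tell a wrong password from a modified ciphertext; both stay opaque.
		return Stored{Data: payload, Encrypted: true}, nil
	}
	return Stored{Data: pt}, nil
}

func main() {
	a := Device{"A", SendReceive, "hunter2"}
	payload, _ := a.Send("abcde-fghij", "notes.txt", []byte("constructed sample file contents"))
	for _, peer := range []Device{{"B", SendReceive, "hunter2"}, {"C", SendReceive, ""}, {"D", ReceiveOnly, "wrong"}} {
		s, _ := peer.Receive("abcde-fghij", "notes.txt", payload)
		fmt.Printf("%s: encrypted=%v data=%q\n", peer.Name, s.Encrypted, s.Data)
	}
}
```

The interesting case is the last branch of `Receive`: an AEAD gives the "unable to be changed" property the post asks for, because a device that only holds ciphertext can store and forward it but any edit it makes is rejected by every peer that has the password. The flip side, visible in the comment there, is that such a device cannot distinguish a wrong password from a corrupted file, so a real design needs a separate signal for which of the two happened.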