I have a problem when accidentally omitting the encryption password when sharing to an untrusted device. This is a continuation of my reply here:
Original text:
I was testing the untrusted devices feature on a new folder I shared with 3 devices:
A
B
U (untrusted)
I set up the sharing as follows:
Shared the folder from A to B.
Shared the folder from A to U.
So far so good.
Now I was trying to set up the sharing of the folder between B and U, but as I didn’t enter the password on B so the data was shared normally with U and U ended up with both encrypted and unencrypted folders (no files seem to have been transferred? More on that later).
Now B, the Android Syncthing app, kept repeatedly crashing. This could have prevented any actual files from coming through. But the original folder structure was created on the untrusted device.
And U, Syncthing for desktops, reported this in the WebUI:
Failure checking encryption consistency with device <B,phone> for folder “MobileCloud” (folder-id-123): folder is configured to be encrypted but not announced thus
The message is cut off after ‘thus’ and the folder is marked ‘Out of Sync’.
It’s hard for me to see the encrypted folder / untrusted devices feature as a replacement for some other form of encrypting the folder contents when a misconfiguration (not entering the encryption password) on one device can easily bring a folder into this state.
It is intended that you can share different folders both encrypted and plain with a single remote. It’s your responsibility to get that right. If you do not every want a specific device to get plain data, you must set the “untrusted” option on the device: This will prevent any connection with plain data to that device, even if you (mis)configure it to do so. Should not Untrusted status be introduced? - #4 by imsodin
Sure, the problem I explained starts with me configuring one device to send encrypted data and another device to send unencrypted data.
My question is: Why did the remote accept the unencrypted data (at least the folder structure) when it knows that the folder type is: Receive encrypted?
Unfortunately I can’t set the complete remote device to ‘untrusted’ yet as I have some other folders shared with the same remote that are being synced unencrypted as I didn’t migrate them yet.
That’s the bit I wanted to have in a separate topic. It really wasn’t my intention to in any way criticize you, just to keep things disentangled and thus simpler - thanks for creating this separate topic
What is the shared root path on e.g. A: Is it “…/Arbeit”, or is it the parent “…/” and “Arbeit” is one directory inside the synced folder?
That should be impossible: When A shared to U, the folder should have been created with type “receive-encrypted” on U. Then when B shared the folder unencrypted with U, U should and apparently does reject it:
The error message isn’t so nice, it has already been changed to remote expects to exchange plain data, but local data is encrypted (folder-type receive-encrypted) - I hope that is more clear, is it?
Now the question is: How did that “Arbeit” folder end up on U - I have no clue right now. Logs on U might have clues.