I would like to sync files to an untrusted device. Those files are intended as backup. The files should be recoverable when the source computer is no longer available.
Example situation:
my kids are “on the road” with a laptop
they sync data to my truenas system having a virtual machine running syncthing, storing the data on the nas
the laptop crashes or is stolen / whatever
I (as NAS admin) should not be able to read their data so the data should be encrypted by syncthing
it should be possible to sync the data back to a new laptop assuming the syncthing key of the old lost laptop is known
In the documentation this function is mentioned but marked as beta. And in a 2023 post it was described as not working.
I did test with device settings like “Untrusted” and folder type “Receive Encrypted”. Messages like “remote did not accept sharing this folder” do occur.
Whatever, I need to know the actual status of this functionality and I need to know how to get this working.
Syncthing’s untrusted/encrypted device feature works fine. However, based on your end goal and functional requirements, I recommend considering using a dedicated backup tool instead of Syncthing or any other sync tool.
Although Syncthing is a fine complement to a backup tool, it isn’t intended to be one.
There are earlier forum posts with recommendations on various backup tools along with combining it with a mesh VPN.
I do have other backup things in place and apart from that, I will create regular ZFS snapshots. Syncthing does look like a simple mechanism as an additional backup.
I would appreciate it if someone could explain exactly how I can reach the described goal; I did try but did not manage.
I will try; I have looked at that site before. The message at the top, “This feature should still be considered beta / testing only.”, did not help (just as another page from end 2023 between some user and the designer, telling that it was not yet working).
I see now that I have to add some text rules in the configs, something I did absolutely not expect.
I did create a new folder on the source device, with another name and the original folder ID and password
defined that it should share with the untrusted device
and yep(!) the test file did arrive from the untrusted device
the only thing I should test is what would happen if I delete the Syncthing instance from the trusted source device
and install it again using the old identification code
I just do not know how to do that; assuming the identification code is the public key, there should be some private key around somewhere and I should have backed up those keys before somewhere.
Do you happen to know how to backup and restore the Syncthing itself on the source?
Or as an alternative, perhaps I should add a newly installed Syncthing ID on the trusted device to the untrusted device to resync that way?
I do not think the second option is possible given the folder type and the fact that I cannot add a new shared folder there.
Perhaps I can change the source's original ID (=pubkey?) in a config file somewhere to a new source key ID (if the keys are not encrypted / protected). If this option is possible, it is … a big security leak(!)
The Folder password is the key. Lose that, and your files will not decrypt.
Changing the pubkey affects the local Device, not the folder nor the files therein.
While I am not a member of the Syncthing team (I try to help here as I can) I have been a cybersecurity professional for decades. I can’t make security decisions for you, but when I read https://docs.syncthing.net/users/security.html , I was satisfied that Syncthing is secure enough for my most sensitive personal files; I sync password databases with it.
See Understanding Device IDs — Syncthing documentation — the certificate is hashed to produce the Device ID. It seems that you found the key to that certificate. Losing this means losing the Device ID.
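As an added example (not code from this thread or from the Syncthing project), the stdlib-only Python below derives a Device ID from a cert.pem the way the linked documentation describes it (SHA-256 of the DER certificate, base32, four Luhn-style check characters, eight dash-separated groups of seven), so a backed-up cert.pem/key.pem pair can be checked against the Device ID shown in the GUI before a restore is relied upon; it also validates the check characters of a typed or pasted ID. The PEM body used as sample input is constructed and is not a real certificate.

```python
import base64
import hashlib
import re

# RFC 4648 base32 alphabet; Syncthing's Device IDs use it without padding.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def luhn32_check(group: str) -> str:
    """Check character as Syncthing computes it (left to right, factor starts at 1)."""
    factor, total = 1, 0
    for ch in group:
        addend = factor * ALPHABET.index(ch)
        factor = 1 if factor == 2 else 2
        total += addend // 32 + addend % 32
    return ALPHABET[(32 - total % 32) % 32]

def format_device_id(raw52: str) -> str:
    """52 base32 chars -> four groups of 13 + check char -> eight dash-separated groups of 7."""
    with_checks = "".join(raw52[i:i + 13] + luhn32_check(raw52[i:i + 13]) for i in range(0, 52, 13))
    return "-".join(with_checks[i:i + 7] for i in range(0, 56, 7))

def device_id_from_der(der: bytes) -> str:
    """The Device ID is derived from the SHA-256 of the DER-encoded certificate."""
    digest = hashlib.sha256(der).digest()
    return format_device_id(base64.b32encode(digest).decode().rstrip("="))

def device_id_from_pem(pem: str) -> str:
    """Strip the PEM armour of cert.pem and hash its DER body."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    return device_id_from_der(base64.b64decode("".join(m.group(1).split())))

def device_id_is_valid(device_id: str) -> bool:
    """Verify the four check characters of a typed or pasted Device ID."""
    s = device_id.replace("-", "").replace(" ", "").upper()
    if len(s) != 56 or any(c not in ALPHABET for c in s):
        return False
    return all(luhn32_check(s[i:i + 13]) == s[i + 13] for i in range(0, 56, 14))

# Constructed stand-in for cert.pem: the body is plain base64 text, not a real certificate.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"constructed sample, not a real Syncthing certificate").decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    # Compare this output with the Device ID the Syncthing GUI shows for the backed-up identity.
    did = device_id_from_pem(SAMPLE_PEM)
    print(did, "valid" if device_id_is_valid(did) else "INVALID")
```

Run it against the real cert.pem from the Syncthing config directory (replacing SAMPLE_PEM) to confirm the backup corresponds to the Device ID the other devices already trust.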