Syncthing and Cryptomator

Is using Syncthing and Cryptomator possible? I’ve tried WebDAV and Dokany file structure. The initial sync is fine, but locking and unlocking a Cryptomator vault halts further Syncthing.

My forum review shows the two programs are incompatible, but I want to make sure.

My Cryptomator vault is on Google Drive, backed up to my Windows 10 desktop. Are there any programs that automatically propagate a Cryptomator vault to another local machine?

Thanks

You could test the new untrusted device feature. It’s still a preview but that’s not a problem if you have backups.

Syncthing does sync some of the Cryptomator files, but other files stop at a percentage. A failed transfer prevents stopping the Syncthing process. Will someone help me understand and fix why some files but not all files sync?

The associated log is:

[A4J5Q] 09:11:06 INFO: Joined relay relay://45.79.207.68:22067
[A4J5Q] 09:19:43 INFO: Adding folder "Personal Docs" (rjxpn-cggkq)
[A4J5Q] 09:19:43 INFO: No stored folder metadata for "rjxpn-cggkq"; recalculating
[A4J5Q] 09:19:43 INFO: Ready to synchronize "Personal Docs" (rjxpn-cggkq) (sendonly)
[A4J5Q] 09:19:47 INFO: Completed initial scan of sendonly folder "Personal Docs" (rjxpn-cggkq)
[A4J5Q] 09:20:18 INFO: Device TUHKI67-MLFRY24-5E3BJYA-EWZ3Z2L-AU6BHM3-CZRMKWH-UUBJ4GX-UU34MAJ folder "Personal Docs" (rjxpn-cggkq) has a new index ID (0x5379F83E8DB89033)
[A4J5Q] 09:23:52 INFO: Paused folder "Personal Docs" (rjxpn-cggkq) (sendonly)
[A4J5Q] 09:23:52 INFO: QUIC listener ([::]:22000) shutting down
[A4J5Q] 09:23:52 INFO: Relay listener (dynamic+https://relays.syncthing.net/endpoint) shutting down
[A4J5Q] 09:23:52 INFO: Connection to TUHKI67-MLFRY24-5E3BJYA-EWZ3Z2L-AU6BHM3-CZRMKWH-UUBJ4GX-UU34MAJ at 192.168.1.154:22000-192.168.1.144:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: Syncthing is being stopped
[A4J5Q] 09:23:52 INFO: TCP listener ([::]:22000) shutting down
[A4J5Q] 09:23:52 INFO: Exiting
[monitor] 09:23:52 INFO: Signal 15 received; exiting

At this point, I’m unable to end the process, even using task manager.
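An added example, not part of the original post: a small parser for the log format shown above that pulls out the folder type, the transport and TLS parameters of each closed connection, and the shutdown sequence. The sample lines are constructed in the same format and the peer ID is a placeholder.

```python
import re

# Constructed sample in the format of the posted log; the peer ID is a placeholder.
SAMPLE_LOG = """\
[A4J5Q] 09:19:43 INFO: Ready to synchronize "Personal Docs" (rjxpn-cggkq) (sendonly)
[A4J5Q] 09:23:52 INFO: Paused folder "Personal Docs" (rjxpn-cggkq) (sendonly)
[A4J5Q] 09:23:52 INFO: Connection to PEER-ID-PLACEHOLDER at 192.168.1.154:22000-192.168.1.144:22000/tcp-client/TLS1.3-TLS_CHACHA20_POLY1305_SHA256 closed: Syncthing is being stopped
[A4J5Q] 09:23:52 INFO: Exiting
[monitor] 09:23:52 INFO: Signal 15 received; exiting
"""

LINE = re.compile(r"^\[(?P<src>[^\]]+)\] (?P<time>\d\d:\d\d:\d\d) (?P<level>[A-Z]+): (?P<msg>.*)$")
READY = re.compile(r'^Ready to synchronize "(?P<label>[^"]*)" \((?P<id>[^)]+)\) \((?P<type>\w+)\)$')
CONN = re.compile(
    r"^Connection to (?P<peer>\S+) at (?P<local>\S+?)-(?P<remote>[^/\s]+)"
    r"/(?P<kind>[^/\s]+)/(?P<tls>[^-\s]+)-(?P<cipher>\S+) closed: (?P<reason>.*)$"
)
SIGNAL = re.compile(r"^Signal (\d+) received; exiting$")


def summarize(log_text):
    """Collect folder types, closed connections and the shutdown sequence from a log."""
    out = {"folders": {}, "connections": [], "stop_signal": None, "exited": False}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # skip blank or wrapped lines rather than guessing
        msg = line["msg"]
        if m := READY.match(msg):
            out["folders"][m["id"]] = {"label": m["label"], "type": m["type"]}
        elif m := CONN.match(msg):
            conn = m.groupdict()
            # A "relay-..." transport goes via a relay server; "tcp-..." and "quic-..." are direct.
            conn["relayed"] = conn["kind"].startswith("relay")
            out["connections"].append(conn)
        elif m := SIGNAL.match(msg):
            out["stop_signal"] = int(m[1])
        elif msg == "Exiting":
            out["exited"] = True
    return out


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
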

This setting has no impact, but thank you.

You don’t need Cryptomator anymore as Syncthing mimics its functionality with the untrusted device feature.

https://docs.syncthing.net/users/untrusted.html

Great suggestion. Is it correct that the untrusted device feature leaves my local computer files unencrypted?

Untrusted nodes receive and store only encrypted files. Trusted nodes store them completely unencrypted.

I have multiple local machines as remote devices, but how is Google Drive added as a remote device?

Sorry, I thought you wanted to switch away from Google Drive and migrate to Syncthing.

I’m very confused. My end goal is having encrypted cloud and encrypted local files. It seems this is not possible. My new goal is having encrypted cloud storage and local unencrypted files.

Is this the “untrusted device” function? Here’s a passage from the “Untrusted device” page:

As an example, let’s assume a trusted device T1, maybe your laptop. You have sensitive documents here but they are in cleartext from Syncthing’s point of view (perhaps protected by full disk encryption). There is also an untrusted device U1, perhaps a cloud server, where we want to sync data but in unreadable form.

Just to avoid any confusion, there is no “cloud” with Syncthing. The files can be stored and synced among multiple devices, but there is no central server or anything like that (which makes it different from services like Dropbox or Google Drive).

For the encryption, you cannot encrypt local files with Syncthing like you do with Cryptomator and such, but you can still use your operating system (or other 3rd party software) to do it, e.g. using BitLocker in Windows, etc.

Ooh. Based on the “untrusted device” description pasted above, I understood that Syncthing can be used for local to cloud syncing. The description even mentions a “cloud server”.

I’m sorry this topic is difficult for me to understand.

Local encryption on a trusted device like your computer or phone should be handled at the OS level via e.g. BitLocker, VeraCrypt, LUKS or whatever the OS provides.

For untrusted nodes (VM at a cloud provider, Raspberry Pi at your friend’s home, etc.) you should use the functionality provided by Syncthing.

It depends what you understand by “cloud”. The example means just some kind of a 3rd party computer that you want to use to store and sync your files, but at the same time you don’t want anyone to be able to actually know what the files are. Hence, they are stored in a completely encrypted form, which covers their names too. This is not the same as when using Cryptomator and such, where you can still perform normal operations on the encrypted files.

Thank you. I’m still confused, but the bottom line is Syncthing is not for Google Drive syncing.

I do have a PI, but only my local computers can access the files without Drive sync.

Configure your router to forward ports 22000/tcp and 22000/udp to your Pi and enable global discovery on your Syncthing nodes. With that all your devices should be able to sync even if they are not in your local network :wink:

https://docs.syncthing.net/users/firewall.html
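An added example, not part of the original replies: a check of a trusted device's Syncthing config.xml that reports any device you consider untrusted that is shared a folder without an encryption password, and whether global discovery and a listener on port 22000 are configured as the reply above suggests. The config fragment, folder ID, device IDs and password are constructed placeholders, and the set of untrusted device IDs is an input you supply.

```python
import xml.etree.ElementTree as ET

# Constructed config.xml fragment for the trusted device; IDs and password are placeholders.
SAMPLE_CONFIG = """\
<configuration>
  <folder id="docs-placeholder" label="Personal Docs" type="sendreceive">
    <device id="DESKTOP-ID-PLACEHOLDER"><encryptionPassword></encryptionPassword></device>
    <device id="PI-ID-PLACEHOLDER"><encryptionPassword>constructed-pass</encryptionPassword></device>
    <device id="VM-ID-PLACEHOLDER"><encryptionPassword></encryptionPassword></device>
  </folder>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceEnabled>false</globalAnnounceEnabled>
  </options>
</configuration>
"""


def text_of(parent, tag):
    """Return the stripped text of a child element, or '' when absent or empty."""
    return (parent.findtext(tag) or "").strip() if parent is not None else ""


def audit(config_xml, untrusted_ids):
    """Return (finding, folder_id, device_id) tuples for the given trusted-side config."""
    root = ET.fromstring(config_xml)
    findings = []
    for folder in root.findall("folder"):
        for dev in folder.findall("device"):
            # No folder password for this device means it receives the data in cleartext.
            if dev.get("id") in untrusted_ids and not text_of(dev, "encryptionPassword"):
                findings.append(("cleartext-to-untrusted", folder.get("id"), dev.get("id")))
    opts = root.find("options")
    if text_of(opts, "globalAnnounceEnabled").lower() != "true":
        findings.append(("global-discovery-disabled", None, None))
    listen = [(e.text or "").strip() for e in opts.findall("listenAddress")] if opts is not None else []
    # "default" includes TCP and QUIC listeners on port 22000, the port being forwarded.
    if not any(a == "default" or a.endswith(":22000") for a in listen):
        findings.append(("not-listening-on-22000", None, None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"PI-ID-PLACEHOLDER", "VM-ID-PLACEHOLDER"}):
        print(finding)
```
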

Probably won’t tackle that… lol

Thanks for your help.

It sounds a lot more complex than it actually is. It’s even easier if your router supports UPnP.

My router does not have a UPnP setting, so router ports 2200 TCP/UDP are set up. I think my firewall is set up, but I’m unable to set up Syncthing.

Does this configuration offer advantages?