syncthing decrypt

rustycanb · July 4, 2022, 4:43am

Encrypted data on an untrusted Linux device can be accessed by another instance of syncthing with the known password connecting to the encrypted folder. In this case, as expected, the original timestamps are applied to the decrypted and synced files.

Or by accessing the encrypted data and using the command syncthing decrypt --to /path/to/decrypted/files/ --password xxxx /path/to/encrypted/folder/ In this case the timestamps are applied as the current time of the OS used to decrypt the folder.

Question: is there anyway the second method can access the original timestamps for each file?

calmh · July 4, 2022, 5:10am

No, but syncthing decrypt could apply them, I guess I just didn’t implement that. You can try this:

rustycanb · July 4, 2022, 8:35am

@calmh thanks for taking up this issue/idea.

I downloaded the github code (956c44c) and complied it, syncthing worked as normal but I got the same results with decrypt, so I suspect I stuffed it up and got the code for main instead of your PR.

Maybe I’ll wait for #8412 to merge into the next RC release.

acolomb · July 4, 2022, 4:21pm

You can just download the binary built by CI from the pull request for testing. It’s a bit hard to find the files (called artifacts) but somewhere under Checks there should be appropriate binaries I believe.

rustycanb · July 4, 2022, 10:17pm

Got it, thanks @acolomb. Tested and it works! Thanks to @calmh for fast implementation.

rustycanb · July 6, 2022, 12:47am

The fix (#8412) didn’t make it into release 1.20.3, so I rolled my own binary from main (v1.20.4-dev.1.gabea3d75, Linux (64-bit Intel/AMD) and all is working again.

system · August 5, 2022, 12:47am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.