Untrusted storage: is it possible?

Is it possible to setup a node in a way that it get the files but not decrypted?. Like giving a special hash/id to a friend or setup a server with reliable but untrusted storage, and have that node get the data but encrypted?


Currently no, but it’s an oft requested feature; https://github.com/syncthing/syncthing/issues/109

This would be a killer feature. P2P sync is only great if it’s backed with reliable high-bandwidth nodes which would usually be in clouds and cheap data centers. The github discussion kicked off nicely so I posted my 2 cents there.

Note: I had to break the links here, because of silly restrictions, which prevent users from posting multiple links.

When implementing the crypto, here my suggestion for a robust and safe implementation:

The NaCL is a recent encryption library by the famous cryptographer Daniel J. Bernstein. It is based on the elliptical curve Curve25519, considered secure and - what is important - easy to implement. It tries to minify the things, which can go wrong Now a library called Libsodium makes it even easier - and failure-proof - to use the encryption.

So I’d suggest to use this when implementing crypto-stuff there (it includes a secure pseudo random nubmer generator and more). Alternatively - if you really need it - Libsodium also offers AES GCM, which is the mode you should use for AES.


  • elliptical curves are fast, way faster than other algorithms - don’t know how it works for Salsa20 or so, but I think it should also be fast
  • it is robust
  • it offers bindings in multiple languages (so usable cross-platform)
  • it is not “invent your own crypto” (you avoid the question “Which AES mode should I use?”)
  • NaCl is used in famous messengers such as Signal, Threema, Allo or WhatsApp

BTW if any admin might want to add this info to hxxps://github.com/syncthing/syncthing/issues/109 - as the issue was closed there, please do as it really won’t help if someone implements this important stuff in a wrong way.

Yes. This is also recommended in the year old crypto proposal I wrote, which I’m sure you’ve read. It’s linked from the other thread you revived as well. I think the odds of someone suddenly implementing at rest crypto in syncthing without discussing it with us here first are pretty much zero. If they do, the choice of algorithms will probably be one of the simpler mistakes to fix. :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.