Version Restore on Untrusted Device

Hi,

I just set up two machines with syncthing. One is a “trusted” machine that is the main location of the data, and one is an “untrusted” machine that the data gets backed up to in encrypted format. I also enabled versioning on the “untrusted” system. The problem is, if I delete something from the trusted system, which then gets synced to the untrusted one, and then try to restore the file on the untrusted system, the change doesn’t sync back to the trusted system and I get an “Unexpected Items” message on the untrusted system. Is this expected behavior? Syncthing’s manual at Untrusted (Encrypted) Devices — Syncthing documentation seems to indicate that it should be possible to sync data from an untrusted system back to a trusted system, or another trusted system. However, it doesn’t seem to be possible to sync data back to any trusted system as the untrusted system’s folder type has to be “Receive Encrypted”, which doesn’t seem to support “sending”. The file version restore problem I am running into is likely due to the same reason.

It’s not possible to restore a version into the synced folder on the untrusted side, unfortunately.

The only possible use case for it right now is to extract the encrypted versioned file to somewhere and decrypt it manually.

@calmh Thank you for the response; that is unfortunate. Is there a technical limitation preventing this from being implemented, or is it just a matter of time and effort to implement it?

Also, can you kindly clarify if it is at all possible to sync from an untrusted device back to a trusted device even though the untrusted folder is “Receive Encrypted”? Otherwise, I am not sure how the T1 <==> U1 <==> T2 synchronization case mentioned in the documentation can work. My original goal was to implement such a scenario, with T1 and T2 being my desktop and laptop, and U1 being a cloud device which acts as an intermediary and also has versioning enabled. Though now I know the versioning part is not currently possible.

No theoretical issue that I’m aware of, just no implementation of it. When adding untrusted we discussed “should we disable versioning since it’s mostly useless” and decided “no, there could be a point, even though we don’t support restore into the folder, let’s leave it for now”. Basically. :)

The reason for all this is that there are two parts required to be able to sync stuff from an untrusted device: the encrypted stuff in the file, and the encrypted metadata which is stored in the database. The metadata is also stored in a trailer in the encrypted file, with the intention that we could populate the database from the data on disk but, again, not implemented.

Syncing from an untrusted device to a trusted one that knows the password should be perfectly fine (for files the untrusted side has in the database).

Thank you for the clarification; having versioning on untrusted devices, even though it currently doesn’t support restore, is certainly still useful as the versioned files can still be decrypted manually if necessary.

Should I open a feature request for supporting versioning for untrusted devices on the GitHub repo, or is there one already?