I know that this has been discussed a while ago, but what about encrypted nodes for untrusted servers, like Resilio Sync has?
I am currently using their product, but since their pace of development has slowed down quite a bit, I fear that they might abandon their product. Syncthing would be the best alternative, but I need those encrypted folders.
So from my reading this hasn’t been finished because of the concept only partially fitting to preserve everything syncthing currently has in regard to functionality. Syncthing is designed for trust between accepted nodes and distrust to unknown devices.
E.g. don’t syncthing your original folder but use CryptSync to create a parallel encrypted version on your local machine. And then you syncthing this to somewhere else. This is at least useful when doing a “peer backup” of personal data amongst friends. You trust them as being your friends; anyway you don’t want them to be able to peek in your life insurance contract or whatever.
Stefan Küng BTW belongs to the TortoiseSVN team (TortoiseSVN is a Windows GUI client for the SVN versioning system), so this is widely used software (despite the rise of git).
I’m glad I’m not the only one here with this concern! I too am stuck with my entire organization using the Resilio semi-abandonware, mainly because we absolutely must have untrusted (encrypted) node support. I’d be more than willing to pay/donate to get untrusted nodes up in Syncthing, but in the meantime will check out the posted options.
Thanks OP for (continuing) to raise awareness. There are dozens of us. Dozens!
I eagerly want this as well. Hence I’m putting mas dinero into this. Bounty is over $4,000! I’d recommend any amount to keep awareness on this. It’s difficult to do it right, so money hopefully encourages a smart dev to work on this.
@calmh made a nice draft. It’s still at an early stage, I guess. I wonder how one would read the encrypted data from the encrypted device in case the source would be no longer available. Just curious :-)
Yeah, all data is there in the folder, including the (encrypted) file metadata tagged on to the (encrypted) file, so the idea in the long term is that you could say for example syncthing --decrypt-folder ~/mystuff --password "the password I didn't forget".
There is an implementation, which is mostly technically sound and done, but needs some UI work to drive home. I’ve been busy on other things, but it’s coming.
I did figure out how to, it seemed to work pretty well - at first.
But there is one caveat: I assume that Syncthing stores the filename in an encrypted “blob”, which is then sent to the encrypted node.
Well, that works pretty well on UNIX systems, such as my MacBook, but if there is a Windows node in play, it sends the path with its respective path separator, the “\”. And that’s the point when there will be a lot of folders named “folder\subfolder” showing up on your Mac.
At least that is what I think is going on - might be something else.
Only thing I know from the user perspective is that these folders (all 0-sized) are starting to show up after enabling the feature.
Can you clarify the topology and which devices are encrypted or not?
Oh, I just realized what might be going on. Yeah, the metadata encryption might be before the slash normalization, so Windows style paths “leak” out over the wire, which shouldn’t happen.
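To make the two points above concrete (the offline decrypt of an encrypted folder described earlier with --decrypt-folder, and the suspected ordering problem where a Windows path is encrypted before its separators are normalised), here is a small added Go example. It is not Syncthing’s code and not its real wire format: the AES-GCM name blob, the SHA-256 password-to-key step, the explicit separator parameter and all function names are assumptions made for this illustration. The point it demonstrates is the ordering: canonicalise to forward slashes, then encrypt; decrypt, then localise.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// Constructed illustration only; not Syncthing's key derivation or metadata
// format. SHA-256 of the password stands in for a real KDF to keep it short.
func keyFromPassword(password string) []byte {
	sum := sha256.Sum256([]byte(password))
	return sum[:]
}

// ToWire maps a device-native path to the canonical slash form. The separator
// is passed explicitly so a Windows sender can be simulated on any host
// (filepath.ToSlash only knows the local OS).
func ToWire(nativePath, nativeSep string) string {
	if nativeSep == "/" {
		return nativePath
	}
	return strings.ReplaceAll(nativePath, nativeSep, "/")
}

// FromWire maps the canonical slash form back to the receiver's native form.
func FromWire(wirePath, nativeSep string) string {
	if nativeSep == "/" {
		return wirePath
	}
	return strings.ReplaceAll(wirePath, "/", nativeSep)
}

// sealName encrypts one path under the folder password with AES-GCM and
// returns nonce || ciphertext: the "encrypted blob" an untrusted device
// stores without being able to read it.
func sealName(password, name string) ([]byte, error) {
	block, err := aes.NewCipher(keyFromPassword(password))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(name), nil), nil
}

// openName reverses sealName; a wrong password fails the GCM tag check
// instead of producing garbage, which is what an offline decrypt wants.
func openName(password string, blob []byte) (string, error) {
	block, err := aes.NewCipher(keyFromPassword(password))
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(blob) < gcm.NonceSize() {
		return "", errors.New("blob too short")
	}
	pt, err := gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// SendName is the correct order on a trusted sender: normalise, then encrypt.
func SendName(password, nativePath, senderSep string) ([]byte, error) {
	return sealName(password, ToWire(nativePath, senderSep))
}

// ReceiveName is the correct order on a trusted receiver: decrypt, then localise.
func ReceiveName(password string, blob []byte, receiverSep string) (string, error) {
	wire, err := openName(password, blob)
	if err != nil {
		return "", err
	}
	return FromWire(wire, receiverSep), nil
}

// BuggyName skips normalisation, the ordering the thread suspects: a Windows
// sender's backslashes survive the trip and surface on a Mac as one flat name.
func BuggyName(password, nativePath string) ([]byte, error) {
	return sealName(password, nativePath)
}

func main() {
	const pw = "the password I didn't forget"
	win := `Documents\Insurance\contract.pdf` // constructed Windows-side path
	blob, _ := SendName(pw, win, `\`)
	good, _ := ReceiveName(pw, blob, "/")
	bad, _ := BuggyName(pw, win)
	leaked, _ := ReceiveName(pw, bad, "/")
	fmt.Println("normalised:  ", good)   // Documents/Insurance/contract.pdf
	fmt.Println("unnormalised:", leaked) // Documents\Insurance\contract.pdf
}
```

Running it shows the difference a Mac receiver would see: the normalised round trip yields a nested path, while the un-normalised one yields a single name containing backslashes, which is exactly the "folder\subfolder" directory reported above.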
(I am tzarta, but since that is a new account, I cannot post more than 3 posts, so I created a new one)
Topology:
MacBook <-> Linux NAS <-> Windows
The Mac and the PC are also connected, all connections to the NAS are encrypted via the encryptionPassword option, same password on each device.