PeterVerhees

[Now Implemented!] Support For Untrusted Encrypted Node.

Recommended Posts

It seems like you guys would benefit from the info in another thread. You don't have to have an API key to generate read only encrypted secrets. I have several encrypted untrusted nodes running using the instructions found below.

 

http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/

 

 

You can generate encrypted read-only secrets using the normal btsync client without any API key.
 
Do the normal "Add a Sync Folder",
click "Generate", but change the first letter of the "Folder sercet" from "A" to "D" (see 1 and 2),
set the "Folder to sync", click "OK",
right click on that folder from the list,
click "Show Folder Preferences",
copy the "Read only secret" (see 3),
paste it into Notepad(or other text editor),
"Encrypted Read-Only Secret" is the first 33 char of that string with the first letter changed from a "E" to "F" (see 3 and 4)
 
real example this time.
 
1) AR7GC6JIVCTKG2XNPM7GGOSV3FI5BDDNH
 
2) DR7GC6JIVCTKG2XNPM7GGOSV3FI5BDDNH
 
3) EYF7Y3OOYZEZALVLFDQDAARXQTV2HO7IZCO2V2ZRZEAN32VY7RFH7HGOKRI
 
4) FYF7Y3OOYZEZALVLFDQDAARXQTV2HO7IZ
 
 
Important
=========
You can not have same folder more then once per machine even if it is in a different mode(RW,RO,encrypted).
Try the "Secret" on an other machine or remove the RW folder from the machine before you try to add the "Secret" or you will get an error "Selected folder is already added to BitTorrent Sync."
 
 
Fun Fact
========
RW Secret can be "A" or "D" followed by any 32 character from upper case A to Z and numbers 234567.
 
So this works
 
DABCDEFGHIJKLMNOPQRSTUVWXYZ234567
EYRCW2XHXF3NRDT4Z44CL45Y5ZH2HO6ADW33KXUGY4EZN4B5RQDELP7IQQE
FYRCW2XHXF3NRDT4Z44CL45Y5ZH2HO6AD
 
 

 

Hope this helps

Share this post


Link to post
Share on other sites

I just found this thread and would like to add my vote too! I see that it's already being planned which is great news!

 

I want to add that I don't think this should be a very impractical thing to add that some early commenters have said. BTSync already does encryption. The benefit of building it in is to make it hassle-free, which is a critical quality to bring encryption to the masses. While using third party solutions work (well... not quite as well now that TC went bust), they take effort and expertise that the average person doesn't have.

 

what I envision should be fairly straight forward in terms of user experience: have two secret keys, Key A is for encryption, Key B is for linking each client for file syncing.

 

All clients encrypt all files being synced using Key A before doing anything else, that way only Key A-encrypted data is being synced. This avoids the versioning problem since the same data is being compared across all clients.

 

Key B is then used to link each client together - this is the same as the current secret key that facilitates syncing.

 

Key B is mandatory (it's needed to establish a link), but Key A is optional. If Key A is provided the client transparently decrypts the data on disk so the user can access it. If Key A is not provided, it can't decrypt the data on disk so the user can't access it.

 

This will effectively enable untrusted remote machines that can sync just fine but protects the data even while it's running (unlike FDE which is useless for an always-on server). Friends/family can share space or one can setup a low-power always-on "server" (or several) at untrusted locations in order to avoid the need to leave actual home computers on all the time.

 

Heck, you can even be fancy and protect Key A (once it's been entered into a client) using the local user account so that even physical possession of a Key A-enabled machine won't do any good if they can't break into the user account.

Edited by primexx

Share this post


Link to post
Share on other sites

It seems like you guys would benefit from the info in another thread. You don't have to have an API key to generate read only encrypted secrets. I have several encrypted untrusted nodes running using the instructions found below.

 

http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/

 

 

This works well for me! However, when I try to set it up on my server running btsync w/ the web GUI, the web interface does not allow me to change the secret manually from an A to a D for the first character; it says "invalid secret." Is the only way to fix this to relinquish control of btsync using the web interface and use manual config files instead?

 

Also, is there a reason the thread you previously linked to is now no longer available? Will this feature be on its way out?

 

Thanks!

Edited by bks1122

Share this post


Link to post
Share on other sites

Thanks for the clarification.

 

But still have the question: When I try to set it up on my server running btsync w/ the web GUI, the web interface does not allow me to change the secret manually from an A to a D for the first character; it says "invalid secret." Is the only way to fix this to relinquish control of btsync using the web interface and use manual config files instead? Also, it seems that manual config files have a bug that restrict my use, stating the directory shared already exists. What are people doing to get around this?

 

The error I'm getting:

Error while adding folder /path/to/secret: Selected folder is already added to BitTorrent Sync.

According to this thread (below) it is a bug that is currently unfixed.

http://forum.bittorrent.com/topic/20486-error-selected-folder-is-already-added-to-bittorrent-sync/

 

Thanks again.

Edited by bks1122

Share this post


Link to post
Share on other sites

Thanks for the clarification.

 

But still have the question: When I try to set it up on my server running btsync w/ the web GUI, the web interface does not allow me to change the secret manually from an A to a D for the first character; it says "invalid secret." Is the only way to fix this to relinquish control of btsync using the web interface and use manual config files instead? Also, it seems that manual config files have a bug that restrict my use, stating the directory shared already exists. What are people doing to get around this?

 

The error I'm getting:

Error while adding folder /path/to/secret: Selected folder is already added to BitTorrent Sync.

According to this thread (below) it is a bug that is currently unfixed.

http://forum.bittorrent.com/topic/20486-error-selected-folder-is-already-added-to-bittorrent-sync/

 

Thanks again.

 

 

It seems the issue has fixed itself with the most recent update. Apparently the GUIs calculate the encrypted read only keys. Great! Thanks.

Share this post


Link to post
Share on other sites

I just have to chime in and say thank you for adding this. I am a photographer and I am planning a complete sync and backup solution. Placing a NAS in my office and one or more at some other locations will allow me peace of mind.

Two of my brothers have 50Mb fiber lines and each of them needs safe storage as well. With this, we can have one NAS in each house and each of us use a local sync software to sync from our computers to the NAS. Then the NAS in each house (and continent!) takes care of the rest.

This is a solution that will be perfect for any photographer around the world. And even better if I can use Amazon storage as a node as well...

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.