ProdigySim, Posted June 23, 2013

Hey, I'm interested in trying to develop some sort of rudimentary encrypted backup system for myself using BT Sync. I'd like to host a Sync node for myself in the cloud--someplace where I can have better uptime, stability, and data redundancy than on any of my few client nodes. But, being security-minded, I don't see any reason to allow this node to decrypt my data.

Is there any way I can use BT Sync to create such a non-decrypting node?

If not, is decryption necessary to perform properly as a node in a BT Sync network? i.e. do I have to trust all of my nodes in order to use BT Sync?

rdebath, Posted June 23, 2013

BTSync's encryption is transport encryption, not filesystem encryption. All nodes must know the key.

To do an encrypted backup you might try encfs in --reverse mode.

ProdigySim, Posted June 23, 2013

Thanks for the information, as well as your suggestion. I will probably use some sort of client-side encryption along the same lines.

The encfs --reverse sounds like a good solution for a one-way backup, but I'm curious as to how it will handle the "Sync" scenario--where changes may originate from an external node and must be replicated on the local (encrypted) filesystem.

ChrisH, Posted June 23, 2013

> Is there any way I can use BT Sync to create such a non-decrypting node?

Not yet, but this functionality has already been suggested several times.

rdebath, Posted June 24, 2013

> The encfs --reverse sounds like a good solution for a one-way backup, but I'm curious as to how it will handle the "Sync" scenario--where changes may originate from an external node and must be replicated on the local (encrypted) filesystem.

Not at all AIUI, the --reverse filesystem is read only.

But if the local filesystem is to be encrypted by encfs you should use encfs the right way up.

PS: I should probably elaborate on the problem with writing to encfs --reverse; it's not a problem with encfs, it's working properly and you can write a correctly encrypted file to the filesystem. It's a problem with BTSync in that it doesn't have a way of dumping its temp files into some proper temp directory. For example, to use this with rsync you need to tell it to put its temp files outside the encfs-reverse filesystem with the "-T" option. Other tools have similar options, but with BTSync your only option is to use BTSync on one copy and use another sync tool to put the data through encfs-reverse. This obviously means that BTSync takes a LOT of temp space and will probably cause filename too long errors at some point.