Few questions about encryption


Recommended Posts

Questions about the encrypted client:-

1. Does it encrypt the file names too? Or just the data?

2. Does it keep the directory structure the same? Or, is it completely incoherent data to anyone looking at it?

 

Questions about the protocol:-
I read that (Quote below) all non-encrypted clients now need to do everything twice as to have two copies, one for 'encrypted' nodes and one for 'normal' nodes, wouldn't it just be more logical to do it all once, then, at the receiving end of any 'normal' nodes just decrypt it? I presume you're already encrypting once for network transmissions, and, then, once for the encrypted nodes.

 

Quote:-

Explanation how this works.

 

1. You add the folder and generate RW/RO and backup key;

2. New RO key will have a special key to decrypt data (this is why the new RO key is longer)

3. Since RO and RW nodes needs to encrypt data for backup node - there will be two indexing data sets for RO and backup nodes. On ARM devices (NAS) and phones it could 2-3x slow down indexing. 

 

 

 

Questions about the API:-

Is API access a 'rare' thing? I'd love to get access, however, it seems to be a manual thing. Is it something that 'everyone is accepted to'? Or, just the 'elite few'?

 

Thanks,

Automatic.

Link to comment
Share on other sites

Well, I just got this email:-

614pQ1t.png

 

So, I'll spend the time answering my own questions for anyone wondering:-

 

1. Does it encrypt the file names too? Or just the data?

 

 

Identical directories:-

 

Encrypted:-

[root@btsynctest encrypt]# ls -latotal 10264drwxr-xr-x 4 root root     4096 Nov  8 06:36 .drwxr-x--- 5 root root     4096 Nov  8 06:32 ..drwxr-xr-x 2 root root     4096 Nov  8 06:32 .SyncArchive-rw-r--r-- 1 root root       20 Nov  8 06:32 .SyncID-rw-r--r-- 1 root root      296 Nov  8 06:32 .SyncIgnoredrwxr-xr-x 2 root root     4096 Nov  8 06:36 G3ZV62EUALJE3RULHVCAGJMKJ7FYOYFJVG6QPIY-rw-r--r-- 1 root root 10485760 Nov  8 00:23 RSKTNORKOWKFWW3PFTXNHYTV56VUYX5ANCZ4LHQ

Plaintext:-

root@Tower:/tmp/test# ls -latotal 10252drwxrwxrwx  4 root root        0 2013-11-08 06:33 ./drwxrwxrwt 18 root root        0 2013-11-08 05:24 ../drwxr-xr-x  2 root root        0 2013-11-07 22:58 .SyncArchive/-rw-rw-rw-  1 root root       20 2013-11-08 06:25 .SyncID-rw-r--r--  1 root root      783 2013-11-07 22:58 .SyncIgnoredrwxr-xr-x  2 root root        0 2013-11-08 06:33 Test/-rw-rw-rw-  1 root root 10485760 2013-11-08 00:23 file.ext
2. Does it keep the directory structure the same? Or, is it completely incoherent data to anyone looking at it?

 

 

Exact same.

 

 

As for everything else, no idea.

Link to comment
Share on other sites

The one thing I am wondering is will we non-API folks be able to make encrypted secrets?

 

At the moment, doesn't seem so. It's worth registering an API key just for this (Assuming it's public, not sure, maybe I'm special  ^_^ ), you never technically need to use it again, just register the API key with the application (in your configuration file) then go here:-

 

$domain/api?method=get_secrets&type=encryption

 

And it'll return something like:-

{ "encryption": "FN242YS7WOCMZS3UKA3P2MJBTWKWSVROC", "read_only": "EN242YS7WOCMZS3UKA3P2MJBTWKWSVROCGQNM5WC4TCDFN457XUC5J3OPAI", "read_write": "DJNGMRD5FZFVIU26QUKO2EUH4WKKAI5OE" }

Which formatted is:-

{	"encryption": "FN242YS7WOCMZS3UKA3P2MJBTWKWSVROC",	"read_only": "EN242YS7WOCMZS3UKA3P2MJBTWKWSVROCGQNM5WC4TCDFN457XUC5J3OPAI",	"read_write": "DJNGMRD5FZFVIU26QUKO2EUH4WKKAI5OE"}

As from there, everything is just UI based. Add the keys normally (Encryption/read_only/read_write) and it'll just 'work', magic! Never need to touch the API again, unless you want another set, in which case, just go back to the URL and tuh-duh.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.