Encrypt Files Using Viivo Before Syncing

[hypercat]

I am working on a project to securely sync several folders to multiple Mac Mini servers as well as my MacBook Air and my desktop machine.

 

The Mac Mini servers will provide backup and versioning of the synced folder data.

 

I trust Bittorrent Sync to keep my data safe during transport.

 

However, I don't trust the colocation personnel who have physical access to my Mac Mini servers.

 

I would like the synced folders to be encrypted on the Mac Mini servers and decrypted only on my MacBook Air and my desktop machine.

 

So I have set up Viivo (viivo.com) to encrypt files in the /Users/username/Viivo folder to the /Users/username/Viivo-Encrypted folder.

 

And I have set up Bittorrent Sync to sync the encrypted /Users/username/Viivo-Encrypted folder.

 

Everything is working perfectly, EXCEPT Bittorrent Sync is creating temporary files with a ".!sync" extension while it is syncing the new/changed file.

 

This causes Viivo to see and decrypt the temporary file and place the decrypted file into the /Users/username/Viivo folder.

 

This leads to a infinite loop of temporary files being added to the /Users/username/Viivo folder with file extensions of ".viivo.!sync", ".viivo.!sync.viivo.!sync", and so on.

 

The solution to this problem would be for Bittorrent Sync to not store temporary files inside the sync folders.

 

Has anyone else worked on adding encryption to files before syncing with Bittorrent Sync?

[Firon]

Why don't you use filevault instead and encrypt the whole drive with the native encryption features?

[hypercat]

Filevault requires manual hands-on intervention in case of restarting after a power failure.

 

So I am looking to use something like Viivo or some other file encryption tool to keep the data encrypted at rest on the server.

[jtroth]

You could use the encrypted backup key for this. It saves btsync'd files in encrypted format on target machines,  Search around the forums for instructions on how to use it.

[hypercat]

Thanks to jtroth for pointing out that the BTSync API has an encryption secret that can be used to keep the synced files encrypted on a recipient's computer.

 

From the BTSync API docs:

"The Encryption Secret is new functionality. This is a secret for a read-only peer with encrypted content (the peer can sync files but can not see their content). One example use is if a user wanted to backup files to an untrusted, unsecure, or public location. This is set to disabled by default for all users but included in the API."

http://www.bittorrent.com/sync/developers/api

 

This solves the problem of syncing folders to a collocated server where one wants to keep the synced folders from being readable by collocation admins.

 

I have been successful is using Viivo to implement this functionality by syncing the Viivo encrypted files to my collocated server. As long as I don't enable Viivo on the collocated server, the encrypted files remain synced without the .viivo.!sync file extension problem as described in my initial post above.

 

I still would really like to see the ability of a 3rd party (non-BT) encryption tool to encrypt/decrypt files as well. For this to work BTSync needs to stop creating temporary files inside the synced folders.

[hypercat]

Thanks to jtroth I am now using an encrypted read-only secret to sync to my collocated server.

 

This not only keeps the contents of the files encrypted but also encrypts the file names as well.

 

Awesome.

 

And there is a way to generate the encrypted read-only secret without using the API calls:

http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/