Encryption Secret And P2P Upload

[Mas73]

Hello,

 

I am using BT Sync to develop our Company Self-Hosted "cloud" by distributing folders across the team. We are using full access two-ways secrets. Now, we are a small team of about 10 hard working nice guys. To increase resiliency of our cloud, I would like to ask contribution from anonymous community members. That's all the people who love what we do but don't necessarily buy from us everyday. The idea is: Using the API Encryption secret functionality, we would have some of our folders one-way synced to our community members' computers, that way they would be able to contribute to our work with bytes.

 

The big question is: When a teammate would have his data synced, would he be using only the 10 teammates' computers with the usual standard secret keys or would he actually benefit from all the anonymous peers' computers so as to increase uploading speed when uploading and in case of computer crash necessitating data reconstruction would he be uploading from all peers at once including anonymous encrypted secrets.

 

I couldn't find the answer anywhere. I hope I am at the right place to ask that question, or maybe I should move the topic to the developers area?

 

Thanks,

Mas73.

 

[nellie4568]

I'm having a hard time deciphering what you're intending to do. Do you want to use your members as additional encrypted file sync/storage? Or do you want them to see the files and contribute to your work? Very confused as you mention the API. Under the API the encrypted read-only folder that the API creates would prevent any contribution. 

 

Any computer that has an encrypted read-only secret for a folder will contribute to the 'swarm' and upload/sync changes (they just don't have the key to decode and view said files). Same if you add another fully standard computer to the swarm the encrypted read-only users will contribute data to the new user. 

 

PS you dont need to use the API to create encrypted read-only secrets. 

[Mas73]

Hi Nellie4568,

 

Actually you gave a precise answer to my questions, depite I wasn't that clear apparently, sorry for that but I'm a user not a developper so it seems I didn't use the vocabulary that was most relevant.

1-"Do you want to use your members as additional encrypted file sync/storage?". Yes this is exactly what I want to do, with the precision that our members would be technically anonymous to us, taken from the crowd of our followers, those who subscribe to our newsletter (about 8000), who follow us on Facebook and so on.

2-"Any computer that has an encrypted read-only secret for a folder will contribute to the 'swarm' and upload/sync changes (they just don't have the key to decode and view said files). Same if you add another fully standard computer to the swarm the encrypted read-only users will contribute data to the new user. ". That's really great and exactly what I wanted, in fact it's the all point of asking for contribution. It means these anonymous contributors can help us increase resiliency and sync speed, making our organisation more eficient to serve them better, at no additional cost to them, it's a win-win.

3-"PS you dont need to use the API to create encrypted read-only secrets. " OK, here I missed an episode it seems. On the BT Sync website, for the API it says "API exclusive features-Encryption secret", so I though I had to use the API to be able to give Encrypted read-only secrets. On my BT sync client, I can give two-ways read-write sync secrets, one-ways read-only sync secrets and limited time secrets. How do I give an encrypted read-only secret? Sorry if my question is so basic you think I should have RTFM. Because actually I did read the BTsyncuserguide.pdf and couldn't find anything about this in it.

 

Thanks,

Mas73.

[nellie4568]

Glad I could help! Sounds like you have a great plan in mind. That's a heck of a lot of resiliency!

 

You can make encrypted read-only (sometimes called "F" secrets, see linked post for details on what A through F means) without the API. Check out the following post for details. http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/?p=76262

 

Keep in mind that if you are already sharing the folder you intend to use, you'll have to remove ALL computers that are sharing that key (likely all "A" secrets) and generate the new D, E, and F keys. 

 

And remember, if your whole organization somehow against a billion to one odds all have your computers lost/destroyed/eaten-by-dragons you'll need the original "D" secret to pull all the data from those thousands of "F" encrypted secret computers/subscribers. Everything gets re-downloaded and decrypted when you put the "D" secret on a new computer. So print that original and save it somewhere off-site like a safety deposit box or fire safe. 

[RomanZ]

@nellie4568

 

And remember, if your whole organization somehow against a billion to one odds all have your computers lost/destroyed/eaten-by-dragons you'll need the original "D" secret to pull all the data from those thousands of "F" encrypted secret computers/subscribers. Everything gets re-downloaded and decrypted when you put the "D" secret on a new computer. So print that original and save it somewhere off-site like a safety deposit box or fire safe.

I would say even more. If you've lost all your RW peers, to restore encrypted data you need:

a) Enc-RW key

all files on Encrypted peer

c) all metadata (Sync database) on Encrypted peer.

[ChrisH]

But in his situation and c) are still available on his thousands of subscribers. So all he really needs is a) the key.

[RomanZ]

@ChrisH

 

b and c are totally necessary for files decryption, but not enough. To decrypt files, you need (a AND b AND c). if any of components is missing it is not possible to decrypt files.

[ChrisH]

Yeah, I got you the first time - all three components must exist in order to recover the files. But b ) and c ) are available on the thousands of Enc-RO peers. So all he "needs" (i.e. must keep in a safe place for himself) under that premise is the key.

 

If all subscribers die and/or the Internet collapses before he can get to his safe copy of the key, he's out of luck. But then we'll have more pressing problems

[RomanZ]

@ChrisH

 

That's right