Encrypted Files

[WeichertGriffin]

If files are encrypted on my computer and are synced to another device, with those files remain encrypted and unreadable without the key on the other device?  I'm thinking that my computer will un-encrypt them in order to send them to the other pc.

 

My goal is to simply use the other device as a intermediary backup for accounting files, but not allow access to them by anyone other than on the accountants computer and their laptop, which is also part of the sync.

 

 

 

 

[Spacemarine]

That depends on if you sync the encrypted or unencrypted data. Btsync is doing nothing else than sending your files, just like when you would send them via email.

[sfmcnally]

That's not really true. btsync has the option to have one or several of the nodes be encrypted read only untrusted nodes that only send and recieve encrypted versions of files that are then decrypted on devices that have the master key or non-encrypted read only key. If you search the forum for encrypted node you will find instructions. That said, since 1.4 was released, I've had a hell of a time getting anything to sync correctly and consistently, encrypted or otherwise. 

 

This thread explains it pretty well:

http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/

[Spacemarine]

Your answer is correct, but that was not what he was asking about. He asked about files that are already encrypted on his computer, like with truecrypt or other programs. At least that is the most likely interpretation of his not very specific question.

[WeichertGriffin]

Your answer is correct, but that was not what he was asking about. He asked about files that are already encrypted on his computer, like with truecrypt or other programs. At least that is the most likely interpretation of his not very specific question.

This is correct.  I'd like to sync already encrypted files. 

 

Here's the plan

Computer A has the encrypted files and a private key.   The user can decrupt the files and modify them.

Computer B has the encrypted files but NO KEY.  No one on this computer can see the contents of the files.

Computer C has the encrypted files and a private key.   The user can decrupt the files and modify them.

 

The goal is to maintain security of files across the sync with only the users with keys to see the files.

 

The only way to anser this may be just to test several variations, but the question comes as to whether Computer A will decript the files before transfering them.  I did some research and it looks like several factors determine if a file is decrypted before it is copied to another source.  Some programs will retain the encryption state and others will decrypt the file on the fly as it is copied.  Ultimatly, the type of encryption and system type may be the determining factor, and not Bittorrent Sync.

 

Any feedback from someone doing this woule be helpful.

[Spacemarine]

Ultimatly, the type of encryption and system type may be the determining factor, and not Bittorrent Sync.

 

Exactly. That's what I was saying. If you can send the encrypted files via email, you can sync them with BTsync without decrypting them.

Which program do you intend to use to encrypt?

[WeichertGriffin]

I'd like a solution that is open source and supports at least PC and Linux.  Mac, Andriod and iOS support would be a bonus.

 

I'm thinking AES Crypt https://www.aescrypt.com/ eventhough it doesn't support folder, only files.  This means if a user creates a new file, it won't be encrypted automatically (I think).

 

VeraCrypt http://sourceforge.net/projects/veracrypt/ looks worth installing and playing with as well.

 

What ever solution I pick needs to be as user hands off as possible since the people I'm dealing with are confused when I tell them they can't get email when the power is off.

 

For now, I'm setting up BitTorrent Sync on the users computer and adding the folders I want backed up and telling them all their files are being "backed up" live.  "Like Carbonite without the $1000/yr pricetag"

[Spacemarine]

I'd like a solution that is open source and supports at least PC and Linux. 

 

I guess by PC you mean Windows? Or are you running Linux on hardware other than PC and want the encryption to work there also?

 

The two software solutions you refer to work completely different. AEScrypt encrypts every single file and every single file has to be selected by hand (at least that is the impression I got after reading the website for a minute) Definitely not a "hands-off" solution.

 

Veracrypt works just like truecrypt, which I have a lot of experience with. It encrypts a whole filesystem and writes it into a single file or encrypts a whole partition and writes it into a partition. This is definitely a hands-off solution, but will probably not go well BTsync. At least it is very troublesome with Dropbox, because Dropbox only syncs the encrypted file after is has been closed (unmounted, removed from operation) which is only the case when the user is finished working. So if two people work at the same time on the same set of encrypted files, there will be problems. I think the problem will be the same with BTsync.

 

So I see only two options here:

1. Use a software, that works well with Dropbox, then it should work well with BTsync. We have used Boxcryptor or EncFS, However EncFS is a pain to set up under Windows, Boxcryptor doesn't have Linux support at the moment.

2. Use just BTsync and make one of the computers an encrypted-read only node, this should also achieve your goals.

 

Please let me know if you find any alternative, I'm also interested in that.

[ChrisH]

If you sync files that are encrypted individually and if you open them on your PC first an decryption programs starts up, those files will also be encrypted on your sync partners. Those mostly will have an additional file extension (e.g. in AxCrypt's case: My Document.docx.axx).

 

If you sync files that are encrypted transparently (TrueCrypt, Windows EFS) BTSync reads and syncs them in clear text (unless the sync partner has an encrypted-read-only secret instead of the normal r/w or r/o ones). So you would have to sync the whole encrypted container (e.g. for TrueCrypt: the .tc file) instead of the individual files.

[RomanZ]

If you sync files that are encrypted transparently (TrueCrypt, Windows EFS) BTSync reads and syncs them in clear text (unless the sync partner has an encrypted-read-only secret instead of the normal r/w or r/o ones).

Not exactly. Sync will encrypt these files prior transferring, though they will be stored in decrypted way on peer's HDD - unless peer is using Encrypted Secret.