1.4 And Beyond -- How To Generate Encrypted Read Only Secret?

[wimbit]

I'm completely lost. The 'share' keys are all 33 chars now and I can't figure out a way to generate a EROS key without the api.

 

How to generate Encrypted Read Only Secret?

 

And if the api is the only way now, then perhaps a 'for dummies' guide to getting EROS nodes up and running.

 

Any help would be appreciated

[GreatMarko]

How to generate Encrypted Read Only Secret?

Please see: Generate Encrypted Read Only Secret Without API Key

[sfmcnally]

That method is the one I've used sucessfully since 1.3. Also seems to work well on 1.4.103

[wimbit]

Strange ... The folder share secret is already only 33 long.

Does EROS secret not exist for folders also shared on an Android device?

[BitDuck]

Since 1.4 there is a much simpler way to generate the encrypted read-only secret. No more counting characters etc..

 

Add the new folder, go to the folders preferences, show the keys with “View key”, copy the “Read & Write key” simply by clicking “Copy”, click on “Update key…”, paste the key and change only the first character from A to D. Hit “Update” followed by “Close”. Open the folders preferences again. Now you can see all three keys under the folders preferences.

[wimbit]

Since 1.4 there is a much simpler way to generate the encrypted read-only secret. No more counting characters etc..

Add the new folder, go to the folders preferences, show the keys with “View key”, copy the “Read & Write key” simply by clicking “Copy”, click on “Update key…”, paste the key and change only the first character from A to D. Hit “Update” followed by “Close”. Open the folders preferences again. Now you can see all three keys under the folders preferences.

I tried that. But the RW key is now 33 long, the Read only key is the longest, and the ERO is 33.

Is that correct?

See below, the keys are disposed of so don't mind sharing this:

[wimbit]

Apart from the query in the above post, I need to be able to use an already defined RW secret to get the encrypted-read-only secret because it is already synchronized with an Android device and several machines.

[BitDuck]

@wimbit I was hoping someone from the BTS team would answer, since they know the mechanism behind encryption and read-only. All I know is that this is a simple way to get all three different versions of the keys. Obviously, if you change the A to D you need to update all keys on all clients for the folder.

 

If the much simpler way to generate works for everyone, maybe it would be a good idea to put it into the “Sync Help Center” or at least into the “FAQ *Unofficial*” version maintained by GreatMarko.

 

A good place to read about the key structure is: http://help.getsync.com/customer/portal/articles/1628254-key-structure-and-flow

[wimbit]

Thanks BitDuck. I'm hoping the team chimes in. I don't see any way to get the EROS without changing the key at this point.

[wimbit]

Anyone?

[RomanZ]

@wimbit

I'm a bit lost on what's wrong with they keys. The architecture of Encrypted secrets did not change since 1.3. You get the 33 symbols of RW secret, you'll get 59 symbols of RO secret and 33 for Encrypted secret. If you update the key with existing and change just one letter A... to D... - Sync will calculate ERO and Enc keys for you.

 

Though, note - these new triple of keys are completely new keys, not related to the A... and B... you had before - so if you had some peers using them, you'll have to update with new keys manually. 

 

Could you please elaborate your question?

[wimbit]

@wimbit

I'm a bit lost on what's wrong with they keys. The architecture of Encrypted secrets did not change since 1.3. You get the 33 symbols of RW secret, you'll get 59 symbols of RO secret and 33 for Encrypted secret. If you update the key with existing and change just one letter A... to D... - Sync will calculate ERO and Enc keys for you.

Though, note - these new triple of keys are completely new keys, not related to the A... and B... you had before - so if you had some peers using them, you'll have to update with new keys manually.

Could you please elaborate your question?

My bad! I couldn't figure out how to get the first 33 symbols of the RW secret. But ... aha ... it is the first 33 of the RO secret.

And that's from me -- someone that's actually done the encrypted node set up successfully before with 1.3 on a whole system

Please, save dummies like me such trouble and make a way to get at the EROS keys without having to do the A to D key switch.

[wimbit]

Actually, i was right!

 

The old method does not work! The folder preferences only shows a 33 char RO key and 33 char RW key. Unless I update the key from A to D, there is no way to get at an encyrpted RO key.

 

@Romanz. What to do to get the EROS the old way? 

[RomanZ]

@wimbit

We'll make encrypted keys available in UI eventually. 

 

The old method does not work! The folder preferences only shows a 33 char RO key and 33 char RW key. Unless I update the key from A to D, there is no way to get at an encyrpted RO key.

Because the non-encrypted RO key IS 33 symbols. When you replace A... to D... you are forcing sync to re-generate RO and Encrypted keys, and Encrypted RO is now going to be 59 symbols. What makes you think it was different earlier? Sample step-by-step scenario, video, etc?

[wimbit]

Because the non-encrypted RO key IS 33 symbols. When you replace A... to D... you are forcing sync to re-generate RO and Encrypted keys, and Encrypted RO is now going to be 59 symbols. What makes you think it was different earlier? Sample step-by-step scenario, video, etc?

 

Previously, one could just obtain the ordinary RO secret, take the first 33 and then change the letter.

 

As per here:

http://forum.bittorrent.com/topic/25823-generate-encrypted-read-only-secret-without-api-key/#entry80161

 

So, the "force change from A to D and then update" is what changed in 1.4.

[wimbit]

Can we get a confirm on that? RomanZ? It should be documented as a change from 1.3 to 1.4 at least.

[RomanZ]

@wimbit

There is no change in encrypted secrets. The algorithm of "taking first 33 symbols and changing E to F" is working for 1.4 as well (though not needed anymore). But you can't get an ordinary RO secret (the one starting from B...) and make it encrypted - and could not in 1.3.

 

The A and B secrets relate to non-encrypted world. The D, E and F are encrypted. They do not intersect.

 

I guess you are confusing something. Could you please describe in a very detailed way, step-by-step - what were you doing in 1.3 with encrypted secrets what is not working for 1.4? This will really help.

[wimbit]

OK .. here is what happened ...

 

I have secrets from two different versions in my sync folders.

 

A set of secrets pre-1.4 and a set of secrets 1.4.

 

The pre-1.4 secrets were already showing the RW/RO/ERO secrets as the expected length,

The 1.4 secrets were showing the new format and I could not understand why those ones had the wrong length.

 

So, I did the A to D switch for the 1.4 version secrets, and switched them on all my machines. 

 

It's all good now -- I didn't realize that the short secrets were the 1.4 edition ones until I looked at the other ones!

 

[fyl]

Folks,

 

Now assuming my source machine fails, can someone advise how would i decrypt those files that are sitting on a machine which had those files which were synced using the Encrypted key alone ? 

 

Thanks.

[RomanZ]

@fyl

To recover files from encrypted you need:

 

1) Actually encrypted files

2) Sync DB from encrypted peer (this is a must. If you kill it / damage it - no way to restore files)

3) RW key (one starting with D...)

 

And to actually recover files you need to run Sync on some working computer with DB from #2 and files stored in completely same paths as they were on dead PC.

 

For example, you got your Win8 dead. Sync DB was stored in %APPDATA%\BitTorrent Sync, and your files in D:\MySyncFiles.

- get the new computer, install Sync of the same version, shut it down.

- copy %APPDATA%\BitTorrent Sync from dead PC to %APPDATA%\BitTorrent Sync on new PC

- Make the D:\MySyncFiles on new PC, put all the files from dead D:\MySyncFiles there. Make sure you transferred all the files including hidden dirs.

- Run Sync.

- on a different computer install Sync and put the RW key there (any folder). It should start receiving the data from encrypted peer and decrypt it.

[fyl]

@fyl

To recover files from encrypted you need:

 

1) Actually encrypted files

2) Sync DB from encrypted peer (this is a must. If you kill it / damage it - no way to restore files)

3) RW key (one starting with D...)

 

And to actually recover files you need to run Sync on some working computer with DB from #2 and files stored in completely same paths as they were on dead PC.

 

For example, you got your Win8 dead. Sync DB was stored in %APPDATA%\BitTorrent Sync, and your files in D:\MySyncFiles.

- get the new computer, install Sync of the same version, shut it down.

- copy %APPDATA%\BitTorrent Sync from dead PC to %APPDATA%\BitTorrent Sync on new PC

- Make the D:\MySyncFiles on new PC, put all the files from dead D:\MySyncFiles there. Make sure you transferred all the files including hidden dirs.

- Run Sync.

- on a different computer install Sync and put the RW key there (any folder). It should start receiving the data from encrypted peer and decrypt it.

 

It works just using the RW keys and restoring to another new folder path. I didn't try the %AppData% bit though but I will trust you on that.

 

I assume for a linux server setup,I would just need to backup the entire BTsync app folder and restore it correct ? 

[RomanZ]

@fyl

Now assuming my source machine fails, [...]

I assumed your computer with encrypted data was dead, but you have only access to HDD. If it runs successfully - all you need is to add RW secret so some other peer and Sync will do the job.

 

I assume for a linux server setup,I would just need to backup the entire BTsync app folder and restore it correct ?

For any setup you need to backup the actual folder you were syncing and the "storage" folder which keeps the DB. On Win that would be %appdata%\BitTorrent Sync, for Linux - it depends on package you use and your setup. By default Sync creates the .sync subfolder next to binary and saves DB there.

[randyharris]

How is an Encrypted Read Only key generated in 2.0, I can't figure it out.

[el_milagro]

How is an Encrypted Read Only key generated in 2.0, I can't figure it out.

 

I can't either. I posted about my shitty workaround in the troubleshooting forum here: http://forum.bittorrent.com/topic/34307-how-do-we-create-encrypted-read-only-peers-in-20/ but have received no comment on whether there's a simpler way that doesn't require providing your own random data or using old 1.4 folders.

[RomanZ]

@el_milagro

There is no way to add Encrypted folder via UI in 2.0 explicitly. You have either force Sync to generate a regular key for you by adding a classic folder (hold shift, then click the "Add folder") - then you can replace "A" with "D".

OR - generate it on your own. I can slightly improve your instruction on generating own keys - you need to generate 20 bytes of random data, Base32 encode them (yeah, the strange encoding containing A..Z and 2..7 is Base32) and prepend with "D" to get the secret.