What do you use for cloud file encryption?

YmpkerYmpker OGContent WriterSenpai
edited February 2022 in General

Looking to encrypt particular sensitive files/folders on cloud storage (e.g. GDrive). So far I have used Veracrypt (a long while ago) and 7ZIP Encryption feature to accomplish this.

Have recently been looking at other alternatives like Cryptomator, Boxcryptor and, because I used it in the past, Veracrypt. It seems Cryptomator and Boxcryptor would be more comfortable to use if you'd also use files on your phone.

Cryptomator is free, Boxcryptor has more integrations and seems to be more established. Cryptomator only has like 10k downloads on Android which doesn't instill too much confidence (also not so many followers on socials). It's Open Source, though.. Which solution do you use and why? Feel free to introduce other solutions, too :)

«1

Comments

  • Rclone (https://rclone.org/) is something that is extremely useful to have a single unified interface across multiple storage backends.

    Thanked by (2)Ympker chimichurri
  • YmpkerYmpker OGContent WriterSenpai

    @nullnothere said:
    Rclone (https://rclone.org/) is something that is extremely useful to have a single unified interface across multiple storage backends.

    Will have a look, thanks! Would I still be able to view encrypted files on my Android phone with rclone, though? The way I understand it, Cryptomator/Boxcryptor would allow me to vidw encrypted files on any device.

  • @Ympker said: Would I still be able to view encrypted files on my Android phone with rclone

    I think there are rclone "clones" for Android that give you equivalent functionality. You will of course need to know the password (in case you encrypt).

    Think of rclone as more of a automation/scriptable tool rather than something that is "UI" based. If your primary need is to view encrypted files and interact as a "user" with GDrive/OneDrive etc., then rclone may not be the right tool. OTOH, if you're looking at automating backups to the cloud or otherwise storing sensitive data in a reasonably automated fashion like cron (etc.) rclone is THE tool for you esp. since it is a single tool that works with all kinds of different backends.

    For my use cases, I prefer rsync for automation when I control the storage backend (which is 95% of my use case). In those cases where I want a dont-worry-about-storage type of (failsafe) backup (esp. to protect me from my own stupidity at the storage layer), I use rclone to save encrypted files on GDrive/OneDrive. I don't use cryptomator because for me shell is where I (mostly) live. For routine backups, I just use borg(backup) (encrypted) which gives me everything I need for serious DR.

    When you start hitting serious volumes though, nothing comes close to rsync (batched) on an (encrypted) ZFS backend. Gives you everything you need including (immutable) snapshots and relatively quick syncs/updates.

    As an aside, this is where I was trying to figure out things with Hetzner's new storage box pricing (which is quite attractive) - since it gives you all the benefits of ZFS (minus encryption) without actually having to manage it. Of course one can't have the cake and eat it too...

    Thanked by (3)Ympker vimalware Ironia
  • YmpkerYmpker OGContent WriterSenpai

    @nullnothere said:

    @Ympker said: Would I still be able to view encrypted files on my Android phone with rclone

    I think there are rclone "clones" for Android that give you equivalent functionality. You will of course need to know the password (in case you encrypt).

    Think of rclone as more of a automation/scriptable tool rather than something that is "UI" based. If your primary need is to view encrypted files and interact as a "user" with GDrive/OneDrive etc., then rclone may not be the right tool. OTOH, if you're looking at automating backups to the cloud or otherwise storing sensitive data in a reasonably automated fashion like cron (etc.) rclone is THE tool for you esp. since it is a single tool that works with all kinds of different backends.

    For my use cases, I prefer rsync for automation when I control the storage backend (which is 95% of my use case). In those cases where I want a dont-worry-about-storage type of (failsafe) backup (esp. to protect me from my own stupidity at the storage layer), I use rclone to save encrypted files on GDrive/OneDrive. I don't use cryptomator because for me shell is where I (mostly) live. For routine backups, I just use borg(backup) (encrypted) which gives me everything I need for serious DR.

    When you start hitting serious volumes though, nothing comes close to rsync (batched) on an (encrypted) ZFS backend. Gives you everything you need including (immutable) snapshots and relatively quick syncs/updates.

    As an aside, this is where I was trying to figure out things with Hetzner's new storage box pricing (which is quite attractive) - since it gives you all the benefits of ZFS (minus encryption) without actually having to manage it. Of course one can't have the cake and eat it too...

    Thanks for going that much into detail. Considering all this, it seems like I have different use cases for encryption anyway.
    That sheds a bit more light about your questions regarding Hetzner, though :D

    1) For one, I have website/wordpress backups that I would like to encrypt for security reasons. Seems like rclone/rsync will be a good fit here. If I understood you correctly I can just encrypt my files on my Windows 10 Rig (with WSL or VMBox ZorinOS and rsync/rclone) and then send them to GDrive (also via CLI), correct?

    2) I also backup DRM-free games I get from GOG and/or Steam to Koofr cloud, so I still have the (installation) files whenever I need them. I would also like to encrypt these folders/files. Probably a case for rsync/rclone, too.

    3) At last, there are some sensitive/important documents I want to encrypt, but also view (and perhaps even edit) on the go. I guess for that case I would then use Cryptomator/Boxcryptor, correct?

    Do you agree, or would you change anything? What would be the downside of using one of the GUI tools for all (Cryptomator or Boxcryptor)? Given that it seems that the GUI tools can handle Windows and Linux and Android (phone) just fine, but rclone/rsync is somewhat limited to CLI/Linux in that regard. Only automation seems to speak for rclone/rsync in that case, albeit that could also be achieved by having website backups/drm files on a desktop folder that is synced with the cloud and having that folder encrypted using Boxcryptor/Cryptomator.

    Thanked by (1)nullnothere
  • edited February 2022

    1) Yes, use the crypt backend @vyas mentioned to encrypt/decrypt on the fly
    2) Indeed sounds like a good use case for rclone.
    3) I haven't used it myself but it seems there is an rclone Android client supporting crypt: https://x0b.github.io/docs/ / https://play.google.com/store/apps/details?id=io.github.x0b.rcx&hl=en_US&gl=US

    One argument in favor of rclone would be that it's relatively lightweight vs. the Java bloatware that is Cryptomator, and compared to Boxcryptor, it's 100% free and not barely usable limited freemium (unless you pay up, the latter is only 1 provider and 2 devices for free, srsly? -_-')

    Thanked by (2)Ympker nullnothere

    Contribute your idling VPS/dedi (link), Android (link) or iOS (link) devices to medical research

  • YmpkerYmpker OGContent WriterSenpai
    edited February 2022

    @chimichurri said:
    1) Yes, use the crypt backend @vyas mentioned to encrypt/decrypt on the fly
    2) Indeed sounds like a good use case for rclone.
    3) I haven't used it myself but it seems there is an rclone Android client supporting crypt: https://x0b.github.io/docs/ / https://play.google.com/store/apps/details?id=io.github.x0b.rcx&hl=en_US&gl=US

    One argument in favor of rclone would be that it's relatively lightweight vs. the Java bloatware that is Cryptomator, and compared to Boxcryptor, it's 100% free and not barely usable limited freemium (unless you pay up, the latter is only 1 provider and 2 devices for free, srsly? -_-')

    Thanks for chiming in, mate! :D
    Will check out that rclone Android client. Still leaning toward Cryptomator for mobile. Maybe that's due to home bias (Cryptomator is made in Germany according to the Imprint) and (possibly) convenience. I will give that rclone client a try, though.
    Boxcryptor seems good if it wasn't for the monthly fee. Their free plan is way too limited (just two devices), so I am going to skip that one.

  • AmitzAmitz OG
    edited February 2022

    I switched from Boxcryptor to Cryptomator around 2-3 years ago. It works fine for me on Linux, macOS, iOS and Windows and I have nothing to complain about. Besides the iOS app not being too great, but so is the Boxcryptor app too. But it does the job. So, at least my humble recommendation: Cryptomator.

    Thanked by (1)Ympker

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • YmpkerYmpker OGContent WriterSenpai

    @Amitz said:
    I switched from Boxcryptor to Cryptomator around 2-3 years ago. It works fine for me on Linux, macOS, iOS and Windows and I have nothing to complain about. Besides the iOS app not being too great, but so is the Boxcryptor app too. But it does the job. So, at least my humble recommendation: Cryptomator.

    That's good to hear, mate. Since I don't see that many followers on Cryptomator socials (Twitter, Reddit, Github; most being under 7k), do you think it will stick around in the times to come? The "Made in Germany" part instills confidence that they won't just abandon ship and ghost their users (and there is the "Open Source" factor), however it suggests that not too many people are using/have tested it. Android Appstore shows 10k downloads (as opposed to Boxcryptor 100k).

    Did you have any corrupted data yet (some Reddit posts and Android reviews speak of corrupted, irrecoverable data..).

  • @chimichurri said: 1) Yes, use the crypt backend @vyas mentioned to encrypt/decrypt on the fly

    @Ympker - Exactly as above. It is only the fly - so you write unencrypted stuff and it actually gets encrypted and saved onto whatever (cloud) end point.

    @chimichurri said: 2) Indeed sounds like a good use case for rclone.

    Yes. Easier than gpg or some other encrypt first and then upload.

    The only "pain" with rclone is that it is a little more of a hassle (and slower) when compared to something like native rsync over ssh. But in many cases it is quite worth the pain simply because it's the only one tool that you really need to manage (though via CLI without any pretty GUI as such).

    If your use case is a lot of UI like file manager drag-n-drop, then Cryptomator is probably the easiest.

    rclone is really very handy and I strongly suggest you at least learn enough about it to keep it as a handy tool in your toolkit.

    Never hurts and it's practically available as a binary on every platform.

    @Ympker said: Thanks for going that much into detail.

    Happy to esp. if it's useful to anyone out there. I'm usually a lurker since I don't typically have much value to add :sweat_smile:

    Thanked by (1)Ympker
  • So far I just use tar and gpg. I tried duplicity a while back and found it slow and cumbersome, and borg looks to be even worse. I had heard of rclone but not really looked into it. I just spent a few minutes looking at its docs. It is nice in some ways, but rclone crypt leaks too much metadata imho, it has a few design smells that bother me, and it would be nice if it could do public-key encryption. I may use it anyway. It is nice that it has an sftp backend, so it should work with Hetzner Storagebox.

    Thanked by (1)Ympker
  • I still use Veracrypt, but have been thinking about switching to Cryptomator. I tried Cryptomator a few weeks ago and it worked well, but for some reason I prefer Veracrypt. Probably just familiarity and stability, since I've been using it (or TrueCrypt) for years without issues.

    As I understand it, one of the big selling points of Cryptomator is the volume is split up into lots of files which are faster to sync, especially if your cloud storage doesn't support block level syncing.

    I'm curious to hear what you end up deciding on.

    Thanked by (1)Ympker
  • @willie said:
    I tried duplicity a while back and found it slow and cumbersome

    Any specifics? How does it compare vs duplicacy vs duplicati? I don't use any of these (borg, see below).

    borg looks to be even worse.

    I'm very curious on your reasons/findings. I'm a heavy borg user and I have literally no complaints (again for my shell/cli based usage and to cron-ify things, it is all I really need). There's also borgmatic which is a useful borg wrapper for many use cases (and I use borgmatic as well).

    With borg's mount support, things become very easy to restore a single file (or a small set of files) if required.

    Hopefully there's some misconception that can be cleared up - because borg is really awesome.

    rclone crypt leaks too much metadata imho

    The encryption is at a per-file level so this is something that's not easy to overcome. Splitting a file at the storage level is also rather painful considering the limitations of various cloud providers and the FS semantics they expose.

    public-key encryption

    Why? The intended use case is to protect the data from prying by the untrusted storage backend. Not really for asymmetric use cases. Besides, even in the asymmetric use case, only the actual key (symmetric, used for encryption) will likely be wrapped in PKI.

    It is nice that it has an sftp backend, so it should work with Hetzner Storagebox.

    Hetzner supports rsync (and borgbackup) over SSH (with keys)- so they may be better depending on your use case.

    Thanked by (1)casadebamburojo
  • williewillie OG
    edited February 2022

    Recording some thoughts in case I decide to code something. I don't know of anything like this but the following approach seems obvious:

    • All objects (files or whatever) on remote side are opaque (appear to be random) and of fixed size (like 50MB), for metadata obfuscation and efficient transfer. All remote filenames are meaningless strings or numbers.
    • Actual metadata is stored in a local database (sqlite etc) that is mirrored on remote in encrypted form. Local file xyz.txt would live in some byte range(s) in one or more remote blocks, and the database would say how to find it.
    • FUSE layer for mounting the backup as a local FS, making use of the db. It might have to be read-only since idk if you can update the middle of a remote block, and if it's a backup you might not want to allow that anyway.
    • dump/restor like utility (maybe adapted from existing) for doing full and incremental/differential backups
    • Public key encryption for making backups, so you can backup from a script without any stored secrets. You'd need secret key to restore but not to dump.

    @nullnothere I'm not familiar with duplicacy or duplicati. I don't remember that much about duplicity other than it was painful, but I'll see if I can collect my thoughts. I only looked at borg for a minute and saw that it tries to deduplicate which I think isn't a great idea for a backup system, besides creating extra work (slowdown). Here the bottleneck is likely to be the network connection to the backup server though.

  • @willie said:
    Recording some thoughts in case I decide to code something. I don't know of anything like this but the following approach seems obvious: ...

    Duplicati does something like this (chunk sizes, metadata DB etc.) of course I don't know the specifics of the implementation.

    • Public key encryption for making backups, so you can backup from a script without any stored secrets. You'd need secret key to restore but not to dump.

    Asymmetric encryption is quite expensive - so this will have to rely on some form of a master key to encrypt which pretty much exposes it to the client - so no go. Not sure if there is an easy (but strong/effective ) work around for this problem. Even LUKS, which allows multiple keys to access the master key has the same issue.

    I only looked at borg for a minute and saw that it tries to deduplicate which I think isn't a great idea for a backup system

    No - it is actually a very useful aspect to capture invariant (and incremental) data and reduce the overall size of the backup store to allow multiple versions to coexist. It is remarkably efficient for the typical backup case (personal files/home dir/email etc.)

    Borg also supports an append only mode (for untrusted clients) to sort of help with malicious clients that have access to the repository.

    Borg is something you should really explore and see if you can use it. Doesn't work for Windows but works great on Linux (and I think Mac) - I really can't appreciate it enough.

  • Ok I'll see if I can find Duplicati. I guess if Borg's deduping doesn't slow stuff down and isn't discernable on the remote side, it can be ok. Public key encryption for something like this shouldn't have significant cost. Basically each server object (50MB or whatever, remember) is encrypted under its own session key and the session key is encrypted under the public key. The encrypted session key can be in the block itself or in the metadata db, or maybe both. It's not like LUKS where you have to encrypt individual disk blocks of 4096 bytes instead of 50MB, and you can't allow any overhead for stored session keys or a millisecond of cpu for the asymmetric crypto operation. 1ms of extra crypto per 50MB of data shouldn't cause any problems. 50MB is just a number pulled out of the air anyway. It could be much larger.

    Does Borg make any effort to not leak metadata? Are you able to backup at close to the full speed of the sftp channel? I guess I should look at it more.

  • @willie said: I guess if Borg's deduping doesn't slow stuff down and isn't discernable on the remote side, it can be ok.

    I've not had any troubles (or rather I'm willing to pay the performance penalty to gain the storage advantage of deduping).

    @willie said: encrypted under its own session key and the session key is encrypted under the public key.

    I understand but didn't get what the benefit of this is. Irrespective, the client needs the session key at encryption time.

    @willie said: Does Borg make any effort to not leak metadata?

    Yes - it chunks all the data into "blobs" of storage (fixed size, mostly) so there's nothing really revealed.

    I'd say give it a shot and test out how it performs for your use case and data. I think you'll be quite satisfied.

  • williewillie OG
    edited February 2022

    @nullnothere said: the client needs the session key at encryption time.

    The client generates the session key when you make a backup.

    Thanks for the recommendation about Borg. I'll check it out more carefully and probably give it a try.

    Thanked by (1)Ympker
  • @Ympker said:
    Did you have any corrupted data yet (some Reddit posts and Android reviews speak of corrupted, irrecoverable data..).

    No. Never. But I also never used the Android version. But: I access the encrypted data maybe 2-3 times a month. No heavy, daily usage...

    Thanked by (1)Ympker

    Amitz, a very stable genius (it's true!) and Grand Rectumfier of the official LESLOS® (LES League of Shitposters).
    Certified braindead since 1974 and still perfectly happy.

  • YmpkerYmpker OGContent WriterSenpai

    @jaden said:
    I still use Veracrypt, but have been thinking about switching to Cryptomator. I tried Cryptomator a few weeks ago and it worked well, but for some reason I prefer Veracrypt. Probably just familiarity and stability, since I've been using it (or TrueCrypt) for years without issues.

    As I understand it, one of the big selling points of Cryptomator is the volume is split up into lots of files which are faster to sync, especially if your cloud storage doesn't support block level syncing.

    I'm curious to hear what you end up deciding on.

    I hear you. Veracrypt has been my go-to solution in the past and I, too, connect it with stability.

    In the end, I decided to give rclone a try on one of my VMs but also bought Cryptomator on sale (Android) for like 6€, so I'll give that one a try, too :)

    Thanked by (1)jaden
  • havochavoc OGContent WriterSenpai

    rclone looks good except no incremental backup which strikes me as a bit of a showstopper. Mounting things locally sounds super useful though..the fact that you can use ncdu with it is wild

    Might use rclone for mount and borg for backups...but will come down to trying both

    Thanked by (1)Ympker
  • vyasvyas OGSenpai
    edited February 2022

    no incremental backup

    as @uptime would say…

    —ignore-existing

    Something something . You can also use

    —check-first

    always a good idea to use -n first

  • MichaelCeeMichaelCee Hosting ProviderOGServices Provider
    edited February 2022

    Using VeraCrypt for my pornographic bank statements.

    Thanked by (2)Ympker mikho
  • "Key senators have voted for the anti-encryption EARN IT act | Hacker News"
    https://news.ycombinator.com/item?id=30296333

    "it will let the use of encryption be evidence in lawsuits and criminal trials. The overt goal of EARN IT is to pressure internet companies to start doing widespread scanning of user messages and photos. This scanning is incompatible with strong encryption."

    "All encrypted Rclone files on Google Workspace is classed as illegal activity and to be acted upon immediately."

    Thanked by (1)Ympker
  • havochavoc OGContent WriterSenpai

    @vyas said: as @uptime would say…

    —ignore-existing

    As they say - sync is not backup

  • vyasvyas OGSenpai

    Obvious in the name. Rclone came from rsync not rbackup.

  • @bibble said:
    "All encrypted Rclone files on Google Workspace is classed as illegal activity and to be acted upon immediately."

    Oh, see, my GDrive just happens to be full of thousands of my home movies, each one exactly 64GiB of static!

    Thanked by (2)Ympker bibble
  • Ok I finally got around to looking at the borgbackup docs, and it looks like borg expects the backup repository to be sshfs mounted. It is possible to mount Hetzner storage box that way, but IME transfer is a lot slower (like 2x) with sshfs than with sftp. So, that makes borg suboptimal for storagebox unless I've missed something. Will look into rclone I guess.

    Thanked by (2)ehab Ympker
  • williewillie OG
    edited February 2022

    Added to above (past edit window): see https://borgbackup.readthedocs.io/en/stable/internals/security.html#fingerprinting

    It looks (per above) like borg also leaks metadata about file sizes etc. Not good. I'm glad that they considered and documented all these issues, but the cryptography in this program seems a little bit naive.

    OVH just destroyed my backup server so I need to do some new backups asap. I guess I will use Borg for now, but will keep thinking about alternatives.

  • Heard good things about Kopia in case you are looking for replacement ideas

    Contribute your idling VPS/dedi (link), Android (link) or iOS (link) devices to medical research

Sign In or Register to comment.