
Overview of data encryption in the clouds for Windows

Prompted by the recent unexpected joy of a free TB on Mail.ru Cloud, which quickly gave way to disappointment after reading its license agreement, I decided to do a little research on how to encrypt data in the cloud under Windows and to collect all the interesting options in one place.



Input requirements are as follows:







The highlighted requirements rule out Truecrypt crypto containers and multi-file archives. What options remain?


1) The most obvious option is proprietary programs positioned as tools for encrypting data in the cloud, for example Boxcryptor, Cloudfogger and others like them. All of them work on the same principle: they encrypt the data on your disk file by file, and then use the Dokan or Eldos CBFS libraries to create a virtual decrypted view of it. When you work locally, files are decrypted transparently, while the encrypted versions are synchronized to the cloud.



Disadvantages of this approach:





2) encfs4win, the encfs port for Windows.

Besides being open source, the advantage of this approach is that encfs4win supports the --reverse option. In reverse mode, unlike standard mode, the local data stays untouched and only its view on the virtual disk is encrypted. encfs4win requires the Dokan library, version > 0.6.



The mount point of the folder with your files on a virtual encrypted disk "X:" is created with the command:

encfs.exe --reverse D:\Archive\ X: 




In the expert mode settings you need to choose whether to encrypt file names, and also change the size of the encryption key from 192 to 256 bits. After a successful mount, the configuration file ".encfs6.xml" will appear in the source folder; save it.

Now you can start synchronization of the encrypted view of files on the "X:" drive with the cloud. Symbolic links in the source folder seem to be handled correctly.



To decrypt from the cloud on another computer, simply put the saved ".encfs6.xml" into any folder and mount that folder with the command:

 encfs.exe --reverse E:\some_folder\ X: 


Then any files copied from the cloud to the "X:" drive will be automatically decrypted in E:\some_folder\
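Before pointing a sync client at the encrypted view ("X:" above), it is worth checking that nothing in it is still readable. The following Python sketch is an added example, not part of the original article or of encfs4win; the function name `audit_encrypted_view` and the paths in the usage comment are assumptions. It flags files in the view whose bytes or names match the plaintext source.

```python
import hashlib
import os
import sys

CONFIG_NAME = ".encfs6.xml"  # encfs config file named in the article


def sha256_of(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def files_under(root):
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name != CONFIG_NAME:
                yield os.path.join(dirpath, name)


def audit_encrypted_view(source_dir, view_dir, names_encrypted=True):
    """Return sorted (problem, path) findings; an empty list means no leak was seen.

    Catches a pass-through or misconfigured mount (identical bytes or names),
    not weak encryption.
    """
    plain_hashes, plain_names = set(), set()
    for path in files_under(source_dir):
        if os.path.getsize(path):  # empty files would all hash the same
            plain_hashes.add(sha256_of(path))
        plain_names.add(os.path.basename(path).lower())  # Windows names ignore case

    findings = []
    for path in files_under(view_dir):
        if os.path.getsize(path) and sha256_of(path) in plain_hashes:
            findings.append(("plaintext-content", path))
        if names_encrypted and os.path.basename(path).lower() in plain_names:
            findings.append(("plaintext-name", path))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical usage: python audit_view.py D:\Archive X:\
    problems = audit_encrypted_view(sys.argv[1], sys.argv[2])
    for problem, path in problems:
        print(problem, path)
    sys.exit(1 if problems else 0)
```

Pass `names_encrypted=False` if file name encryption was deliberately left off in expert mode, so that matching names are not reported.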



Disadvantages of the approach:





3) Local file-by-file encryption into password-protected archives, followed by synchronization of the archives with the cloud. The CryptSync utility, for example, can help automate this approach.





The main disadvantage of this approach is the need to keep two copies of files on a local disk.




The solutions above give us only an encrypted representation of the data. The synchronization itself can then be done by your favorite WebDAV client, or by the official cloud client (if there is no WebDAV support). Below are the all-in-one options.




4) Duplicati is open-source, cross-platform backup software. Its killer feature is full-fledged incremental backups directly to the cloud. Google Drive, Skydrive, Amazon S3, Rackspace, WebDAV, SFTP and FTP are supported. For encryption you can choose the built-in SharpAESCrypt library or GnuPG. More information about the internal structure of the program.

Among Duplicati's many perks, the ability to quickly restore a single file from the cloud is also important for us. When backups are created they are automatically split into blocks of 10 MB, so restoring a single file requires transferring only a limited number of blocks.



Among other things, Duplicati is fully configurable via the command line and supports portable mode.



Disadvantages of using Duplicati:





5) CarotDav, an excellent WebDAV (and not only WebDAV!) client. It is written in VB.NET and is completely free to use and modify. According to the developer's website, the source code can be provided upon request. The list of implemented standards is impressive. In addition to WebDAV clouds, SkyDrive, Dropbox, GoogleDrive, Box, SugarSync and FTP(S) are supported. There is a portable mode, and the configuration can be protected by a master password.



To enable encryption, enter a password in the settings of the new connection and choose the "Escape string", the signature by which CarotDav determines that a file in the cloud is encrypted and needs to be decrypted.


Now all files uploaded through this connection will be automatically encrypted, and decrypted on download.




Tip!
To preserve the original modification date, CarotDav uses PROPPATCH to create a CreationDate label for each file stored on the WebDAV server. Some clouds implement the WebDAV protocol incompletely; for them you need to check the "Don't update property" checkbox on the Advanced tab of the connection settings.




Disadvantages:








Summary:

Unfortunately, I did not find the ideal option. For archiving projects with a large number of small files, I settled on Duplicati. To back up media files I now use CarotDav, in the hope that encfs4win will be brought up to scratch sooner or later.

Source: https://habr.com/ru/post/207306/


