Storing data in a cryptocontainer on a remote server and working with them from Android devices

Once we were approached by our long-standing client using the corporate version of CyberSafe . For a sufficiently long period of joint cooperation, we were able to make sure that the issue of information protection in his company is far from the last last place for him. The meeting again confirmed this.

As it turned out, all corporate information in his company is stored encrypted on 4-Bay NAS Server . However, he did not want to store some data inside his company and decided to place them on a rented VPN server somewhere overseas. Thus, it would allow him not to keep these files in his office and he would not have to worry about their safety, as well as that they would attract unnecessary attention (in the case of an unexpected check, for example).
')
At the same time, preferring mobility and the ability to have constant access to encrypted files, it was important for him to work with them not only from the office, but also outside it from any smartphone on Android.

This conversation gave us the idea of ​​developing a mobile application that would not only support the basic encryption functions, but also allow working with encrypted files in a transparent mode, while these files are located not on the device itself, but on some remote server. The task looked quite interesting and it remained only to make it a reality. As a result, a joint effort was created Android application called CyberSafe Mobile .

The application can create cryptocontainers (here they are called safes ), which can be mounted and work with the files recorded in them in transparent mode. Encryption algorithms: AES or GOST at the user's choice. Created safes can later be used on the local computer in the PC version of the program and vice versa.

The problem described above was solved as follows.

1. We rent a server somewhere abroad. For example, here for € 74 you can rent a server in Germany from an already installed Windows Server 2012 R2.
2. Configure VPN .
3. Create a network folder on the server.
4. Create a cryptocontainer in this folder (or add an existing one). In the screenshot, this is done using CyberSafe Top Secret:



5. Connect the phone to the VPN:



6. Connect the created network folder to CyberSafe Mobile:



7. On the “Safes” tab in the connected network folder, we find the safe we ​​have created, select it and mount it:



Now all the files placed in the container are available to us to work on the smartphone in transparent encryption mode, while they are located on a remote leased server. As you know, one of the main drawbacks of cryptocontainers is that at the time of mounting they become vulnerable . However, when storing files on the server, this flaw does not manifest itself in any way and the maintenance personnel cannot in any way access the encrypted files, since the container is mounted on the user's device.

If necessary, several people can work with the files in the container at the same time, for this they will need access to the VPN, as well as a password to the container.

The disadvantage of this scheme is the low speed of data exchange - it requires high-speed Internet connection, and also does not provide for work with large crypto-containers.

As for the user who contacted us, he was satisfied with this decision and, quite possibly, now stores his information somewhere on the servers of sunny and warm Puerto Rico, and works with it on his smartphone from rainy and overcast Moscow.