
A convenient way to encrypt data in the cloud (by your own means)

Dear community!

I want to share a way to conveniently and transparently encrypt the data we upload to and download from the cloud.

But we should start with a review of the current situation.

There are cloud services where you can store a great deal of varied information, sometimes for free. That is tempting, and many services compete to offer you as many gigabytes and features as possible. But we should remember that free cheese is found only in a mousetrap. The danger is that you hand your files over to someone else's storage, run by a party whose intentions toward you are unknown. And the danger with files, as objects of information, is that a copy can be made without your ever learning of it. Files can also be analysed for all sorts of purposes. In short, a lot can happen.

Those who take the view "I have nothing to hide, let them look" may stop reading here and continue to enjoy the recent iCloud photo leaks, removal of unlicensed content from the cloud, and so on. Those who value the confidentiality of their private life, and are generally uncomfortable with someone peeping through the keyhole and Big Brother reaching into their personal affairs, read on.

Clouds can be used, but they have to be used correctly. The solution here is data encryption. However, you need to understand that not all encryption is equal. Many services advertise that they use the best encryption algorithms, but those same services modestly keep silent about the fact that they themselves can access your data at any time. Therefore the best option is to encrypt and decrypt data on YOUR side, so that the cloud only ever handles encrypted content. Also, the client-side encryption software and the cloud service should not belong to the same owner. The ideal case is an open-source encryption client, so that anyone can check that the keys never leave your machine.

So what we have with this approach:

Pros:

1. The cloud owner never has access to the contents of your files.
2. No node along the path of your traffic has access to your data either: the owner of the café Wi-Fi hotspot, your ISP, the backbone operators, the network admins at your workplace, and so on.

That is great.

Cons:

1. You have the extra worry of encrypting and decrypting, and an extra load on your computer.

Each decides what matters more. But let's agree that:

1. The cloud is not a corporate work tool for you, although there may be options such as sharing the password with colleagues.
2. The cloud is a personal data repository for you.

Current status

1. At the moment no service offers the content-encryption model described above. That is understandable: it is unprofitable for them.
2. Googling, I was surprised to find that hardly anyone is concerned about this problem. Perhaps the same trick is being repeated with clouds as with social networks a dozen-odd years ago, when people thoughtlessly posted everything about themselves online: who was in a relationship with whom, where they had served and worked. A gift to every intelligence service and fraudster.

Current solutions for securing your own files in the cloud:

1. Encryption provided by the cloud owner. It protects only from other users, not from the owner of the cloud.
2. Storing files in the cloud inside password-protected archives or encrypted containers (such as TrueCrypt). This is inconvenient, because to make a small change, or just to retrieve one file, you have to download or upload the whole container, which is slow if it is large.
3. A VPN protects only the communication channel, not the contents of the cloud.
4. The program BoxCryptor. It can encrypt files uploaded to and downloaded from the cloud, but its working model is inconvenient: you must keep a synchronised copy of all cloud data on your local computer. You work with the data in that copy, and the program uploads and downloads it to the cloud in encrypted form; in short, it synchronises. Inconvenient.

What do we want?

We want to carry a flash drive, plug it into any computer with an internet connection (our own or not), and launch a program from it. A virtual disk appears in the system; entering it (with Explorer or Total Commander, whichever you prefer) takes us into our cloud account. We see our files and do what we need with them. Then we shut everything down and leave. But if we enter our account without launching this magic program, then we (or an attacker, a sniffing admin, the cloud owner, etc.) see only garbage, both in the file names and in their contents. One caveat: a computer that is not yours can capture the password you type into it, so this scheme protects you from the cloud and the network, not from the machine you are sitting at.

Alternatively, install this program permanently on all your computers and forget about its existence and the need to launch it every time. This approach works with any cloud that supports the WebDAV standard and lets you store arbitrary files that conform to ordinary file-system rules.
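As an added example (this is my own illustration, not code from the article and not the code of CarotDAV, BoxCryptor or any other program mentioned here), the following Go program shows the client-side model argued for above and the "garbage in names and contents" picture the cloud is supposed to see: a key is derived from a password with PBKDF2, file names are encrypted deterministically so they stay file-system-safe and can still be looked up directly, and file bodies are encrypted with AES-GCM under a fresh random nonce with the stored name bound as associated data, so the cloud owner cannot move one file's body under another name without the client noticing. The salt, the label strings, the iteration count and the sample file are all assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Keys: sub-keys for file contents, file names, and the MAC that picks a name's nonce.
type Keys struct{ content, name, nameMAC []byte }

// DeriveKeys is PBKDF2-HMAC-SHA256 written out inline (one 32-byte block is enough).
// The salt is public and stored beside the vault, so any computer with the password gets the same keys.
func DeriveKeys(password, salt []byte, iterations int) Keys {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // INT(1): index of the single output block
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return Keys{label(t, "content"), label(t, "name"), label(t, "name-mac")}
}

// label derives a purpose-specific 32-byte (AES-256) sub-key from the master key.
func label(master []byte, purpose string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(purpose))
	return m.Sum(nil)
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // label() always gives 32 bytes, so this cannot fail
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // standard 12-byte nonce, 16-byte tag
	return g
}

// EncryptName maps a plaintext name to an opaque, file-system-safe one. It is deterministic
// (same name -> same stored name) so a file can be opened without decrypting a whole listing;
// the nonce is an HMAC of the name, so it repeats only when the whole ciphertext repeats.
func EncryptName(k Keys, name string) string {
	m := hmac.New(sha256.New, k.nameMAC)
	m.Write([]byte(name))
	nonce := m.Sum(nil)[:12]
	out := gcm(k.name).Seal(append([]byte(nil), nonce...), nonce, []byte(name), nil)
	return base64.RawURLEncoding.EncodeToString(out)
}

// DecryptName reverses EncryptName; the GCM tag rejects garbled entries.
func DecryptName(k Keys, stored string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(stored)
	if err != nil || len(raw) < 12+16 {
		return "", errors.New("not an encrypted name")
	}
	pt, err := gcm(k.name).Open(nil, raw[:12], raw[12:], nil)
	return string(pt), err
}

// EncryptContent uses a fresh random nonce and binds the stored name as associated
// data, so the cloud cannot move one file's body under another name unnoticed.
func EncryptContent(k Keys, storedName string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm(k.content).Seal(nonce, nonce, plaintext, []byte(storedName)), nil
}

// DecryptContent returns an error, never garbage, on any modification.
func DecryptContent(k Keys, storedName string, blob []byte) ([]byte, error) {
	if len(blob) < 12+16 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(k.content).Open(nil, blob[:12], blob[12:], []byte(storedName))
}

func main() {
	// Constructed demo input; not data from the article.
	k := DeriveKeys([]byte("correct horse battery staple"), []byte("vault-salt-v1"), 100000)
	stored := EncryptName(k, "taxes-2014.pdf")
	blob, _ := EncryptContent(k, stored, []byte("%PDF-1.4 sample body"))
	name, _ := DecryptName(k, stored)
	body, err := DecryptContent(k, stored, blob)
	fmt.Println("cloud sees:", stored, "| client sees:", name, string(body), err)
	_, err = DecryptContent(k, EncryptName(k, "other.pdf"), blob)
	fmt.Println("body moved under another name:", err)
}
```

The deterministic name scheme is a deliberate trade-off: the cloud can see that two files share a name (and how long the name roughly is), but the client can compute the stored name of any path directly instead of downloading and decrypting a whole directory listing on every access, which is what makes a virtual-disk front end over WebDAV responsive. A real vault would also have to handle chunking for large files, so that a small edit does not re-upload the whole body, which is the exact complaint raised above against encrypted containers.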

Googling, I found only two options that solve the encryption problem in roughly the form I need.

1. A WebDAV plugin for Total Commander. It adds the cloud account to Total Commander, where it appears as a drive you can copy files to. However, it does not support encryption yet. My attempts to persuade the author to add encryption and become the first Ghisler to solve this problem were not successful.
2. The program CarotDAV, which has already been written about on this site. It can encrypt both files and their names. Everything would be fine, but it has an Explorer-style interface, which is inconvenient.

And now, in fact, the thing for whose sake I am writing this long post.

I managed to persuade the author to add support for mounting a virtual disk to his program. He sent me a test build, which I am testing now.

The program is actually easy to use; everything works as it should. Most importantly, you can now be sure that your files in the cloud belong only to you, while keeping an easy and convenient way to access them.

I invite everyone who is interested in and needs such a program to join the testing.

PS The author states on his site that he can send the source code.

Links to additional materials
habrahabr.ru/post/207306
habrahabr.ru/post/209500

Accordingly, I will report back with the test results.

UPD1: the program supports not only WebDAV but almost all common types of storage.
UPD2: the portable version, carried on a flash drive or kept on your computer, removes the need to install the program.
UPD3: For me the process looks like this: I launch the program and a virtual disk appears in the system. I work with it in Total Commander. I close the program and the disk disappears. One click; it could not be simpler.

Source: https://habr.com/ru/post/241720/
