jstaf / onedriver

A native Linux filesystem for Microsoft OneDrive
GNU General Public License v3.0

Encrypted Paths on Remotes #313

Open mvousden opened 1 year ago

mvousden commented 1 year ago

I'd like to store my files encrypted on the OneDrive server under encrypted paths, and be able to work with them decrypted on my local machine.

Is there a way to introduce such a layer of encryption between the clients and OneDrive? How could one modify onedriver to support this?

Thanks!

abraunegg commented 1 year ago

@mvousden OneDrive itself was not written with the use case of keeping items on OneDrive in an encrypted state. The biggest flaw that it has is the 400-character limitation for filename + pathname for the entire tree.

For example, if you use eCryptFS locally, your directory names are all encrypted, filenames as well, and you can sync this to OneDrive, but you will have issues once you get a few folders deep.

The only solution to putting encrypted data into OneDrive, and having that decrypted locally, is to use Cryptomator.

Please read https://github.com/abraunegg/onedrive/issues/1023 for further details.

mvousden commented 1 year ago

@abraunegg, thank you for your swift response. My journey so far might be of interest (or not):

I have tried using eCryptFS to do this, and ran into the problem you outlined.

I have also tried to use Cryptomator with your OneDrive client (which was wonderful to use), but as one of my local machines is headless, and as the CLI implementation is recommended only for testing and evaluation, it's not suitable for my use case.

The other solution I've found, to add to your answer, is to use rclone's crypt adaptor (https://rclone.org/crypt/), which sensibly deals with OneDrive's filename and directory limit for my use case (with its filename encoding option), but the differencing causes synchronisation to take too long for me (8500 files at about 3.3GiB). It also doesn't encrypt the tree itself, beyond the directory names. Someone else might find this a good option if their file/size/patience is different to mine. As yet another aside, a solution that ties the generation of rclone's differencing lists to something like fanotify would solve this problem.
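Added example, not part of the thread and not code from onedriver, onedrive or rclone: a pre-flight estimate of how long each path becomes once every component's name is encrypted, checked against the 400-character figure quoted above. It assumes rclone crypt's standard filename encryption (each name PKCS#7-padded to a multiple of 16 bytes, then encoded without padding characters); the function names and the sample paths are constructed for illustration.

```python
# Estimate encrypted path lengths before syncing to a length-limited remote.
ONEDRIVE_PATH_LIMIT = 400  # figure quoted in this thread, not measured here

# Output characters per ciphertext byte count, as (numerator, denominator)
# of bits-per-byte over bits-per-output-character.
ENCODING_RATIO = {
    "base32": (8, 5),      # 5 bits per character
    "base64": (8, 6),      # 6 bits per character
    "base32768": (8, 15),  # 15 bits per character
}

def encrypted_name_len(name, encoding="base32"):
    """Estimated length of one encrypted path component (assumed model)."""
    raw = len(name.encode("utf-8"))
    padded = (raw // 16 + 1) * 16       # PKCS#7 always adds 1..16 bytes
    num, den = ENCODING_RATIO[encoding]
    return -((-padded * num) // den)    # integer ceiling, no pad characters

def encrypted_path_len(path, encoding="base32"):
    """Sum of encrypted component lengths plus '/' separators."""
    parts = [p for p in path.split("/") if p]
    return sum(encrypted_name_len(p, encoding) for p in parts) + max(len(parts) - 1, 0)

def over_limit(paths, encoding="base32", limit=ONEDRIVE_PATH_LIMIT):
    """Return (path, estimated_length) for every path that would exceed limit."""
    return [(p, n) for p in paths if (n := encrypted_path_len(p, encoding)) > limit]

# Constructed sample paths: a 93-character path 15 levels deep, and a shallow one.
DEEP = "/".join("dir%02d" % i for i in range(14)) + "/notes.txt"
SHALLOW = "Documents/report.docx"

if __name__ == "__main__":
    for enc in ENCODING_RATIO:
        for path in (DEEP, SHALLOW):
            n = encrypted_path_len(path, enc)
            flag = "OVER" if n > ONEDRIVE_PATH_LIMIT else "ok"
            print(f"{enc:10} plain={len(path):4} encrypted={n:4} {flag}")
```

Depth matters more than name length here: every short component still costs a full 16-byte block, which is why the limit is reached only a few folders deep with the default encoding.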

abraunegg commented 1 year ago

@mvousden

> but as one of my local machines is headless, and as the CLI implementation is recommended only for testing and evaluation, it's not suitable for my use case.

Unsure where you get the idea that the client I develop & maintain is only for testing and evaluation. Can you help me understand this statement?

mvousden commented 1 year ago

Your client isn't, but the Cryptomator CLI project is.