Feature request: Encryption

Discuss new features and functions
User avatar
Posts: 6
Joined: 4 Feb 2016

HawkTroy

The topic of encryption has appeared in multiple posts on this forum. I am well aware of the developers' position on this issue.

Zenju has argued that encryption is better handled by other specialized software, and they have a valid point. Encryption is difficult. Vulnerabilities are hard to eliminate. If badly done, a false sense of security for inexperience users could be worse than no encryption at all. There are software out there that are far better on encryption than FreeFileSync can reasonably become in near future.

HOWEVER, I still think there's good reason to include encryption in FreeFileSync, especially for encryption on cloud storage.
I'll start by listing some great encryption utilities and why unfortunately they don't quite work for this purpose.

- TrueCrypt and its forks:
I use VeraCrypt, and it's fantastic at what it does. Full disk/system encryption, smooth integration, minimal footprint, good security. But by design it cannot encrypt my files on the Dropbox server.
I could use a container, but having more than 3GB of encrypted data, such a container is basically unmanageable on the cloud. I cannot download individual encrypted files, nor can I utilize file version history feature of Dropbox.

- Almost all other file / cloud encryption utilities. For example, the ones listed in these two links:
http://www.techsupportalert.com/best-free-encryption-utility-for-cloud-storage
http://www.techsupportalert.com/best-free-file-encryption-utility.htm
PORTABILITY!!! If I want to access some files in my encrypted folder on Dropbox from a friend's computer, it'd be a big hassle using one of these utilities.

- One exception: CryptSync (the one I'm currently using)
Using this tool, I can have a local unencrypted copy and an encrypted copy in Dropbox, so it's easy to work with. Best of all, it's highly portable, because it uses 7-Zip to encrypt and archive. I can open it on any computer with a file archive software. Also 7-Zip has a portable version (from PortableApps.com).
Then what's the problem? --- CryptSync has very limited file syncing features. It has bad deleted/moved file detection (no database like "sync.ffs_db") and a very limited filter. These limitations gets irritating over the time.

What I wish to have is something that combines the existing good features of FreeFileSync and CryptSync (basically 7-Zip).
I'm not looking for anti-NSA level encryption. I'm not worried about local unencrypted files (my hard disk is encrypted). Just want my files on the cloud encrypted so Internet bullies (personal or corporate) can't easily get me.

I don't really expect this single post to change the developers' mind. I understand there could be other reasons why they've been very reluctant to even consider implement an encryption feature. But I have to throw in my two cents to let them know that some users really like to have this feature (and with good/not-so-bad reasons).
Posts: 1
Joined: 14 Dec 2016

SteveM

A good post - many thanks. I too need file level encryption for my cloud storage (I'm also using VeraCrypt locally). I wasn't aware of CryptSync but as a result of your post I have switched. Sorry FreeFileSync!
Posts: 1
Joined: 13 Jan 2017

achayka

it should be possible to do via script that will do 7-zip encryption and then FreeFileSync call
User avatar
Posts: 6
Joined: 4 Feb 2016

HawkTroy

it should be possible to do via script that will do 7-zip encryption and then FreeFileSync call achayka, 13 Jan 2017, 15:44
Since I'd like a local unencrypted copy and a cloud encrypted copy synced all the time, encryption should be integrated with the syncing. A separate call is unlikely to work.
CryptSync works fine for most purposes, although somewhat lacking in deletion detection.
Posts: 15
Joined: 29 Jan 2018

randomUser

I would really love this feature. HawkTroy exactly discribes my problem.

Is it that hard to implement a 7z encryption prior to coping the files? I mean, everything in FFS is there allready and Cryptsync is OpenSource.
Posts: 15
Joined: 29 Jan 2018

randomUser

by the way, ... @Zenju: are you the only developer?
No GitHub, Sourceforge, etc.? (if i would be able to implement it in the source code)

and 7z should be easily to run in a cmd line:

https://www.cnx-software.com/2011/02/22/aes-256-encryption-and-file-names-encryption-with-7-zip-7z/
Posts: 15
Joined: 29 Jan 2018

randomUser

Found another solution. Cyberduck as a FTP/SFTP/webdav/webdavS client that supports Cryptomator Vaults (for good encryption). Mountainduck is Cyberduck + Mapping as Drives. So FFS can be used to sync to locally mapped drives. Encryption on the fly with internal Cryptomator.
Just Cryptomator on a webdav drive works too (mapping as drive), but is slow for small files since obviosly the windows internal webdav client has a high latency of 1 file per second. The Cyberduck client is at least 6 times faster.
Android Version (and iphone stuff) of Cryptomator is available too (5€ ...). Passwords can be stored encrypted with the windows password on the harddrive (maybe not NSA safe, but still... if your operating system is compromised, than you basically can not trust anything.)

Only disadvantage: mountainduck is 30€ per license. Since I can use it for all my clouds I can get rid of all the cloud clients like owncloud, ... bla bla. so I will buy it if it still works at the end of the trial.
User avatar
Posts: 2451
Joined: 22 Aug 2012

Plerry

You can also look into Boxcryptor or Boxcryptor Classic.
It has been a while (Windows 7) but FFS was working very well to/from Boxcryptor(Classic)-drives.
Posts: 15
Joined: 29 Jan 2018

randomUser

Indeed, boxcryptor "works"... but it's not open source. Filename encryption is pro-function and no folder-tree obfuscation. The boxcryptor-classic license is not longer available, so you have to pay an monthly subscription to use the pro-functions. Boxcryptor-classic free has not full functionality.

I tested two scenarios:
a) Boxcryptor encrypts your data locally on your harddrive - FFS to copy the data to any server.
That works quite fast. However, my Harddrive is already encrypted by Bitlocker.
I don't want to store my local data only encrypted by Boxcryptor because don't want to unencrypt my data twice and I'm not 100% trusting that it didn't break.
So, an option would be two store your data twice. Unencrypted and Boxcryptor encrypted and Sync the encrypted data with FFS to an server.
b) Unencrypted data on my harddrive (or encrypted with Bitlocker) and Boxcryptor writes directly to a webdav drive.
That works quite slow. For small files like 0.5 File per second, so it takes hours. Tried different things, but no speed-improvement.

The transfer speed with Cyberduck + build-in encryption with Cryptomator is at least 5-10 times faster. (6 files per second). However, I don't want to use the SYNC function of Cyberduck, so I have to buy Mountainduck to map the webdav/sftp drive in my operating system in order to use FFS.

I also purchased the Cryptomator Android app for 5 bucks, it includes a webdav client and works quite nice.