Posts

Original Problem We have two directories plaintext and secret, which hold the unencrypted files and their encrypted counter parts respectively. We need to detect changes to plaintext and sync them to secret. Common Methods Polling Based The simplest method is to check the directory on a regular interval (polling) for changes by walking the directory and its files and comparing it against the cached last known state. This method can be less efficient and timely than the other two methods below but it’s biggest advantage is it is the least OS dependent....

Rclone is a popular command line tool to sync and manage files on a cloud storage. It supports a wide variety of backends (referred to as remotes) and has support for a crypt remote that encrypts the files before storing them in the target backend. For this evaluation, I only looked at the local file system as the backend, however, it still applies to any other configured backend. The configuration steps are detailed in the crypt page....

Cryptomator vs. gocryptfs The rough solution I came up with using age is called file based encryption which operates on selected directories and files and distinguishes it from disk encryption which encrypts the whole disk. Exploring some of the existing solutions, cryptomator and gocryptfs stood out to me as the most used and updated, so I decided to learn about them and give them a try. This post will highlight the similarities, differences, my experiences, and what I’d ultimately recommend to both technical and non-technical people....

Sensitive File Cloud Back ups I have a folder in my laptop that contains sensitive information that I’d like to backup/sync. I’m not worried about the security of the storage provider1 I’m uploading to, but I don’t want them to be able to parse the file for any purpose. My threat model is preventing the storage provider from reading the contents. I somewhat trust the cloud provider to not compromise my files to external entities....