A way to conveniently encrypt data in the cloud (using your own means)

Dear community!

I want to share a convenient, transparent way to encrypt the data that we upload to and download from the cloud.

But first, a review of the current situation.

There are clouds in which you can store a lot of different information, sometimes for free, which is tempting. Many services are still competing to give you as many gigabytes and features as possible. However, one must understand that free cheese is found only in a mousetrap. The danger is that you hand your files over to a stranger whose intentions toward you are unknown. And the danger with files, as objects of information, is that a copy can be made of them and you will never know it happened. Files can also be analyzed for various purposes. In general, a lot can happen.

Those who hold the view “I have nothing to hide, let them look” need not read further. Continue to enjoy the recent iCloud photo leaks, the removal of unlicensed content from the cloud, etc. Those who care about the privacy of their personal lives, and who find it unpleasant to be watched through the keyhole with Big Brother's hands in their personal affairs, read on.

Clouds can be used, but it has to be done right. The solution is data encryption. However, not all encryption is the same. Many services loudly claim that they have the best encryption algorithms, but these same services stay modestly silent about the fact that they themselves can access your data at any time. Therefore, the most correct option is to encrypt / decrypt data on YOUR side, so that the cloud only ever deals with encrypted content. In addition, the encryption client and the cloud service should not have the same owner. The ideal case is an open-source encryption client.

So, what do we have with this approach:

Pros:

1. The owner of the cloud never has access to the contents of your files. No way.
2. No node along the path of your traffic has access to your data. This includes, for example, the owner of a café's Wi-Fi access point, your ISP, the owners of backbone links, network admins at your work, etc.

It's great.

Cons:

1. You take on the extra work of handling encryption / decryption, plus an extra load on the computer.

Which matters more is up to you. But let's agree that:

1. The cloud for you is not a corporate tool for work, although sharing a password with colleagues is a possible option.
2. The cloud is your personal data storage.

Current status


1. At the moment, no service provides the content encryption model described above. This is understandable: it is not in the service's interest.
2. Googling, I was surprised to find that no one really cares about this problem. Perhaps the same trick is being repeated with clouds as with social networks umpteen years ago, when people, without thinking, posted everything about themselves on the net: who is in what kind of relationship with whom, where they served and worked. A gift to all intelligence services and scammers.

Current options for solving the problem of ensuring the security of your own files in the cloud:

1. Encryption provided by the owner of the cloud. Protects only from other users, but not from the owner of the cloud.
2. Storing files in the cloud inside password-protected archives or encrypted containers (such as TrueCrypt). This is inconvenient, because to make a small change or just to download one file, you need to download / upload the entire container, which is often slow if it is large.
3. A VPN protects only the communication channel, not the contents of the cloud.
4. The BoxCryptor program. It can encrypt files uploaded to / downloaded from the cloud, but its mechanism of operation is inconvenient. You must keep a synchronized copy of all cloud data on your local computer. You work with the data in this copy, and the program uploads / downloads it to and from the cloud in encrypted form. In short, it syncs. Inconvenient.

What do we want?


We want to carry a flash drive with us, plug it into any computer (ours or not) with an Internet connection, and run a certain program from it. A virtual disk appears in the system; opening it (in Explorer, in Total Commander, whichever you prefer) takes us into our account in the cloud. We see our files and do what we need with them. Then we turn everything off and leave. But anyone who logs into our account without starting this magical program (we ourselves, an attacker, a sniffing admin, the cloud owner, etc.) will see a pile of garbage, both in the file names and in their contents.

Alternatively, install this program permanently on all your computers and forget about its existence and the need to launch it periodically. This method will work with all types of clouds that support the WebDAV standard and allow you to store arbitrary files that conform to file system conventions.
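An added sketch (not CarotDAV's code or its actual scheme, and not from the original post) of the model described above: each file and its name are encrypted separately on the client, so the provider stores only opaque names and contents, and changing one file re-uploads only that object rather than a whole container. The `store` dict standing in for the WebDAV account, all function names, and the stdlib-only cipher (a SHAKE-256 keystream with HMAC-SHA256, a stand-in for a vetted AEAD such as AES-GCM) are assumptions.

```python
import base64, hashlib, hmac, os

def derive_keys(password, salt):
    # Runs on the client only; the cloud never sees the password or these keys.
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return tuple(hmac.new(master, label, "sha256").digest()
                 for label in (b"enc", b"mac", b"name"))

def _keystream_xor(enc_key, nonce, data):
    # Stand-in stream cipher (SHAKE-256 keystream); use a vetted AEAD in practice.
    stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(keys, data, nonce=None):
    nonce = nonce or os.urandom(16)
    ct = _keystream_xor(keys[0], nonce, data)
    tag = hmac.new(keys[1], nonce + ct, "sha256").digest()
    return nonce + ct + tag          # encrypt-then-MAC

def unseal(keys, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(keys[1], nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered object")
    return _keystream_xor(keys[0], nonce, ct)

def remote_name(keys, name):
    # Nonce derived from the name, so one local name always maps to one object.
    nonce = hmac.new(keys[2], name.encode(), "sha256").digest()[:16]
    return base64.urlsafe_b64encode(seal(keys, name.encode(), nonce)).decode()

def put(store, keys, name, data):
    store[remote_name(keys, name)] = seal(keys, data)

def get(store, keys, name):
    return unseal(keys, store[remote_name(keys, name)])

def listing(store, keys):
    # What the mounted virtual disk would show: decrypted names.
    return sorted(unseal(keys, base64.urlsafe_b64decode(k)).decode() for k in store)

if __name__ == "__main__":
    # Constructed passphrase, salt and file, for illustration only.
    keys, cloud = derive_keys("constructed passphrase", b"constructed-salt"), {}
    put(cloud, keys, "taxes/2014.txt", b"income: 100")
    print(list(cloud))            # opaque names, as the provider sees them
    print(listing(cloud, keys))   # real names, as the client sees them
```

Because the name encryption is deterministic, the provider can still tell when the same name is written again, and it sees object sizes and access times; only names and contents are hidden.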

Googling, I found only 2 options that solve the encryption issue in almost the form I need.

1. The WebDAV plugin for Total Commander. It adds a cloud account to Total Commander, where it becomes visible as a disk that you can copy files to. However, it does not yet support encryption. My attempts to convince the author, Ghisler, to include encryption in it and become the first to solve this problem were unsuccessful.
2. The CarotDAV program, which has already been written about on this site. It can encrypt files and names individually. And everything would be fine, but it has an Explorer-style interface, which is inconvenient.

And now, the thing that actually happened, and the reason I am writing this long post.

I was able to persuade the author to include support for mounting a virtual disk in his program. I was sent a test version of it, which I am testing now.

The program itself is lightweight, and everything works as it should. But most importantly, you can now be sure that your files in the cloud belong only to you, while keeping an easy and convenient way to access them.

I invite everyone who is interested and who needs such a program to join the testing.

PS The author of the site states that he can send the source.

Links to additional materials
habrahabr.ru/post/207306
habrahabr.ru/post/209500

I will report back on the test results.

UPD1: the program supports not only WebDAV, but almost all common types of storage.
UPD2: the portable version, carried on a USB flash drive or kept on a computer, eliminates the need to install the program.
UPD3: The process looks like this for me: I start the program and a virtual disk appears in my system. I work with it using Total Commander. I close the program and the disk disappears. One click; it could not be easier.
