I'm looking to improve my document syncing setup. Currently I'm using ownCloud, but that seems overkill for just file syncing and it requires maintenance, so I gave Syncthing a look. The "Untrusted device encryption" was not appealing to me because I'm not convinced by the security aspects yet, and also because it is in beta for now. I used gocryptfs [1] in the past and was quite happy with it, so I'm planning to use it on top of Syncthing to have files synced encrypted. As far as I have read, this setup (Syncthing + gocryptfs) seems to be used by several people and has already been discussed by gocryptfs' author, who recommended a `-sharedstorage` flag for such a use case [2]. Reading [3], I think gocryptfs is more suited for file syncing than cryfs. I'm aware that the metadata (file size, structure, …) of my files is not encrypted, but that's a compromise I'm ready to make.
I would be happy to hear opinions about this approach.
[1] https://nuetzlich.net/gocryptfs/
[2] https://github.com/rfjakob/gocryptfs/issues/549#issuecomment...
[3] https://www.cryfs.org/comparison
I know that cryfs [1] is resilient to at least the first of these, and possibly the second as well. I don't know if cryfs allows modifying the base directory while the filesystem is online; if it does, then it might already be a better solution for syncthing, if you only care about Linux.
On the flip side syncthing could incorporate cryfs's base directory format instead of their home-grown one.
[1] https://www.cryfs.org/