investigate using encrypted at rest remote storage with apps
an idea by jzerebecki
Updated 18 days ago. No love. 1 follower. Has no hacker: grab it!

Description

There are various ways in my daily computer use that I currently do only store on a local disk encrypted with LUKS, which would benefit from remote storage with encryption at rest on the client, as I don't want to store that much private data unencrypted.

There is OpenPGP and LUKS (though the latter is hard to use securely) based encryption and there are various tools that use these in a manner so that their security arguments hold. There are also some apps that won't be convenient by just encrypting files and where closer integration with encryption.

One focus here is being able to use the same data from regular Linux userland and Android, where support for the relevant APIs like MediaStore, Calendar / Contacts, and Storage Access Framework (SAF) makes it convenient on that OS.

Examples of tools that use OpenPGP:

  • duplictity for backups

Examples of tools that use closer integration with encryption, but lack some security property:

  • rclone
    • structure remains, name encryption limited, no chunking, no size padding
    • https://github.com/rclone/rclone/blob/master/docs/content/crypt.md
    • there are various Android apps using this that support SAF
    • https://f-droid.org/en/packages/de.felixnuesse.extract/
    • https://f-droid.org/en/packages/com.chiller3.rsaf/
  • git annex
    • chunking but no size padding
  • nextcloud
    • forgot the details, but upside is that it had a security review
  • https://github.com/spwhitton/git-remote-gcrypt
  • Seafile has no cryption of meta data like file names

Examples of what I'm looking for:

  • Calendar, Todo lists via Thunderbird and Android
    • etesync https://github.com/etesync
    • mostly not packaged, no recent build on hub.docker.com
    • unmaintained https://github.com/etesync/server/issues/196
    • if one has encrypted files sync, then https://github.com/39aldo39/DecSync
  • Notes via any text editor on Android
    • put in Git or file sync or use notes in etesync
  • Photos, Videos taken on Android
    • ente https://github.com/ente-io/ente
  • Git repos
    • https://github.com/foks-proj/go-foks
  • Mailboxes via Thunderbird
    • put it in Git? and see above.
  • Files
    • http://tahoe-lafs.org
    • peergos, previously camlistore
    • How hard is it to restrict it to provide encrypted files to authenticated clients?
    • Can it provide history for a directory?
    • Mostly not packaged in distros
    • No SAF support for Android app.
    • Seems to also have other features like Sharing, Calendar, Messages, etc
    • https://peergos.org/features
    • https://book.peergos.org/overview/overview.html
    • https://github.com/Peergos/web-ui
    • https://github.com/Peergos/Peergos
    • https://github.com/Peergos/android
  • Backups
    • restic
    • Adroid app https://f-droid.org/en/packages/org.dydlakcloud.resticopia/
    • How does the trade off compare with duplicity? https://restic.readthedocs.io/en/stable/070_encryption.html

TODO: Security review?

Goals

Resources

No Hackers yet

Join this project

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 25

Activity

  • 22 days ago: jzerebecki originated this project.


    • Comments

    Be the first to comment!

    Similar Projects

    This project is one of its kind!