Decrypting files after downloaded from remote


I'm pretty sure this has been asked and answered before, but I am failing to find a close enough match here, or elsewhere in my searching for comfort. Closest I found was this the thread at the forum here: /t/decrypt-partial-version-of-crypt/4683. Which I think answers the question, but I wanted to be super clear before I planned on the assumption.

If I download the rclone encrypted files from a remote (in this case an Amazon S3 bucket, storage class deep glacier), and then try to decrypt them, will it be possible?

I would assume I set up a crypt pointing at /path/to/downloaded-files with the same credentials as the crypt currently pointing at the S3 bucket, and that would do the job. Is that correct?

Apologies again if I'm double handling this kind of question.

Thanks in advance.

Warm regards,


hello and welcome to the forum,

not sure what you are asking?

if you want to download a file from aws crypt, and have it decrypted on local, then just

  • rclone copyto awscrypt:filename.txt /path/tol/local/folder/filename.txt

if you want to keep the file crypted but copy it to local, then

either way, you can quickly test this.

Thanks for getting back to me. Apologies my question wasn't clear.

Say I have used rclone to encrypt my files and push them to the S3 bucket:
rclone copy /myfiles/ amazon_crypt:bucket

I then download all (or even part of) my files directly from the S3 bucket, without using rclone. So they are now encrypted, but on the local machine in something like ~/Downloads/encrypted-s3-files/

I want to know if I can use rclone to decrypt them from the local machine. Is it possible, for example, to set up a new crypt with the same credentials as amazon_crypt, but point it at ~/Downloads/encrypted-s3-files/ to decrypt them? So e.g.:

rclone copy new_crypt:~/Downloads/encrypted-s3-files/ ~/Downloads/decrypted-s3-files/

Or perhaps, some other alternative? Or is it always necessary to decrypt from the original remote?

Thanks again in advance.

You should be able to create a local backed crypt remote.

For example, if I have

type = crypt
remote = /tmp/foobar
filename_encryption = standard
directory_name_encryption = true
password = pass1
password2 = pass2

Now if I look at the file system:

% ls /tmp/foobar/

And the file is definitely encrypted :slight_smile:

% strings /tmp/foobar/rddg2kncpdnb9hk35d1k7atfhk | head -3

But if I use the remote:

% rclone ls foobar:
     9891 screenlog.3

And the contents are readable:

% rclone copy foobar:screenlog.3 xxx

% head -3 xxx/screenlog.3 
Only in .: duckula
diff: /mnt/amazon/penfold/20200105._FastData.0.gz_ao: Input/output error

So as long as the encyrption modes and the password entries match the original remote then you should be able to decrypt your local data.

1 Like

You beauty. Thanks a lot for this.

I'll test exactly this out, but I'm convinced.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.