Decrypting rclone encrypted Files

Is there a way to do this without the use of rclone? is is a Standards based encryption or proprietary?

The use case is sending some files to a DMZ server, and having them encrypted at rest, and using some C# web code to decrypt them in memory, we don't really want to call the rclone client as that would then require saving the un-encrypted one to disk

Is this possible?

Have you read this?
https://rclone.org/docs/#configuration-encryption

"rclone uses nacl secretbox which in turn uses XSalsa20 and Poly1305 to encrypt and authenticate your configuration with secret-key cryptography. The password is SHA-256 hashed, which produces the key for secretbox."

  1. we need for details about your plan?
  2. is the server windows or linux?
  3. on the server, what type of file server protocol will be used for copying from the client?
  4. you can encrypt any server at rest in many different ways. on windows, you can use bitlocker, you can use a hard drive that has hardware encryption, many whole disc encryption options
  5. use a vpn to copy files from client to dmz server.
  6. so you plan to decrypt the files in ram via c#? so for whatever amount of ram you would dedicate to c# code, create a temp ramdisk and decrypt rclone files to that ramdisk. no need to decrypt rclone to hard disk

Thanks, That is what I needed.

Edit: that just seems to be refering to the configuration, I'm looking for what it uses if we transfer via SFTP using rclone encryption.

Sorry, Not going to provide that level of detail in a public forum.

The documentation is mostly about that yes, but the section I quoted there does give a quick rundown of how rclone crypt is composed. I do not think the whole crypt construct used for rclone is "a standard", but as you see it uses mostly standard components.

If you need a higher level of detail then that because you are tying to make your own program capable of reading rclone crypted files then you should probably just go look at the crypt code on github. Rclone's code is open after all :slight_smile:

And for really spesific implementation questions - you probably have to ask @ncw

I don't know if perhaps C# would be capable of calling a library that has the native go code? ... if so then you might be able to rip out the relevant section that decrypts and stick it in there for your C# program to use without having to port the code. That said - go and C# are not that different, so that should be quite doable too if you are reasonably proficient.

I would check to make sure NCW is ok with it before re-purposing large sections of code though. I have no idea about the legal stuff in licenses ect. but it seems like a common courtesy thing to do :slight_smile:

There is a javascript port of the encryption code: https://github.com/FWeinb/rclone-js

You could run rclone cat crypt:path/to/crypted/file as a subprocess and rclone will stream the decrypted file to standard output. Might be easier?

1 Like

Thanks! We didn't reuse the javascript code but looking at that our developers were able to see how it was done to implement it in our ASP.net core webapp. Everything is working great!

1 Like

Is the app open source? Want to post a link?

It is possible to decrypt native C# code without rclone, here https://github.com/lithium0003/TSviewCloud

1 Like