ELI5 rclone's encryption algorithm? How proprietary is it?

What is the problem you are having with rclone?

I've been using rclone for years and encrypting my data before it goes online. I love it.

But now I'm trying to better understand how the encryption works and how proprietary the whole algorithm is? I read https://rclone.org/crypt/, specifically https://rclone.org/crypt/#file-encryption, and get what is going on but it does seem as though the algorithm is slightly proprietary. For example, the 8 bytes of magic string.

But then I don't know enough about encryption at large.

My thought was, say tomorrow rclone is wiped from the internet, and every derivative -- all of the code and everything -- then how easy will it be to unencrypt my data? Or say, I have a local copy of my unencrypted data, but for reasons cannot install rclone or any non standard app.

If it was using an established standard like OpenSSL or RSA or something, then I would just have to know the key to decrypt my data.

I realize this concern is highly improbable but I am curious.

I searched the bit for any discussions on proprietary and found one but it never digs into the question I am asking.

I know it uses XSalsa20 and Poly1035 but, if I understand things, it's up to the application for how they want to implement those. The formula rclone is using to encrypt using those encryptions, is it something custom/unique to rclone or is it the same everywhere?

And the other part of this is, what if rclone changes the encryption algorithm? How backwards compatible will everything be? Or is that up to the developer?

Run the command 'rclone version' and share the full output of the command.


Which cloud storage system are you using? (eg Google Drive)


The command you were trying to run (eg rclone copy /tmp remote:tmp)


The rclone config contents with secrets removed.


A log from the command with the -vv flag


that is correct but the source code is on github.

no way to decrypt or just use the local copy of rclone.

if for some reason rclone decided to change the algorithm, then rclone would just change
8 bytes magic string RCLONE\x00\x00
8 bytes magic string RCLONE\x00\x01
and when rclone needs to decrypt, it would check that string.

Interesting. Now I'm wondering why rclone didn't use an established standard like OpenSSL or something. Are there performance gains with rclone's implementation?

The crypt encryption algorithm is a standard. Each block is encrypted according to the NACL secretbox standard.

The key handling is unique to rclone though.

Rclone's encryption mechanism needed some quite particular properties in order to function efficiently. Its impossible to seek generally in most encryption methods but it is possible with rclone's crypt format. That is the main reason why it doesn't use a more established standard.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.