What is the problem you are having with rclone?
I'm using Ansible to setup the rclone mounts and the configuration file but I'm not quite sure how I can generate the values for password and password2.
Does anyone have a hint for me?
Thank you in advance!
What do you mean by password and password2? Can you share what you've done and what boxes you are trying to fill in?
Sorry, obviously I didn't described this understandable: password
and password2
are fields in the configuration file.
For testing I went manually through the crypt description like described on the website .
Then I had a look on what's generated in the config file (~/.config/rclone/rclone.conf
), because I generate the config file with Ansible and want to add encryption to it.
When adding the crypted account manuall, the regular password is added hashed(?) in the field password
and the passphrase for the salt is added hashed(?) in the field password2
.
Now I obviously would love to know how I can generate these entries programmatically with Ansible because I obviously can't use the clear text variants here.
I have little knowledge of Ansible, password
and password2
fields can generated from plain text programmatically.
These fields have be obscured this algorithm:
}
}
stream := cipher.NewCTR(cryptBlock, iv)
stream.XORKeyStream(out, in)
return nil
}
// Obscure a value
//
// This is done by encrypting with AES-CTR
func Obscure(x string) (string, error) {
plaintext := []byte(x)
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(cryptRand, iv); err != nil {
return "", errors.Wrap(err, "failed to read iv")
}
if err := crypt(ciphertext[aes.BlockSize:], plaintext, iv); err != nil {
return "", errors.Wrap(err, "encrypt failed")
}
return base64.RawURLEncoding.EncodeToString(ciphertext), nil
You can use https://rclone.org/commands/rclone_config_create/ and pass the parameters to the create command.
1 Like
I thought it was working properly but it wasn't:
I've executed the command like this:
rclone config create repository_name \
"crypt" \
"remote" "foo:bar" \
"filename_encryption" "standard" \
"directory_name_encryption" "true" \
"password" "some_password" \
"password2" "some_salt_password"
But this way some_password
and some_salt_password
are written in plaintext into the config.
According to the documentation, this shouldn't be the case:
If any of the parameters passed is a password field, then rclone will automatically obscure them before putting them in the config file.
So I still don't know how to add the password fields programmatically.
Or is this a bug?
When I run that exact command, I get the following rclone.conf:
(Passwords are fine here as this is just a test config so I'm showing them on purpose)
[repository_name]
type = crypt
remote = foo:bar
filename_encryption = standard
directory_name_encryption = true
password = ci3JRyFvZCaCTPJHiqBDzqQ1yQIpKtaedvlgt5Y
password2 = js1i4bh_52ajUenkzRZ-cRUcYO0MtkeAZcSicXy-uMJF_w
and everything looks encrypted
Strange indeed. It works with some_password
and some_salt_password
. But it doesn't seem to work with other passphrases.
rclone config create repository_name "crypt" \
"remote" "foo:bar" \
"filename_encryption" "standard" \
"directory_name_encryption" "true" \
"password" "xxxxxxxxxxxxxxxxxxxxxxx" \
"password2" "xxxxxxxxxxxxxxxxxxxxxx"
Try this one.
asdffdsa
(jojothehumanmonkey)
May 11, 2020, 2:45pm
9
type = crypt
did you leave this out on purpose?
Ah, I see. therefore the documentation is wrong until 3728 is fixed.
There are some caveats to it as it isn't quite clear and tries to be a bit too smart.
You can always work around it as described in that issue as well.
ncw
(Nick Craig-Wood)
May 12, 2020, 11:27am
13
Yes that could do with a tweak!
ncw
(Nick Craig-Wood)
May 12, 2020, 1:31pm
14
I have replied with a fix for this on the issue.
1 Like
I hope this is not considered as SPAM or so but I want to have this mentioned:
Thank you so much for being so helpful and for fixing this! rclone is awesome and it really makes me happy!
1 Like
system
(system)
Closed
May 15, 2020, 6:30pm
16
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.