I made a vault program using Rclone and Python

I used Python to make a vault program; it uses the rclone crypt feature. It can be used cross-platform and acts as a file vault.

On Android, it can serve as WebDAV; users can access vaults with MiXplorer or other apps.

On PC, besides serving, you can also mount it to a path.

The result is shown in the picture below. More info: https://github.com/HaujetZhao/RcloneVault

What is the advantage of this over just using rclone to serve/mount a local crypt backend?

From a coding point of view, it is generally much better practice to use some kind of config file rather than hardcoding options and config in the file. At least for anything reusable or not one-off.

I am also not really sure exactly what you're doing with the AES stuff inside? Is that a reverse engineering of rclone obfuscation? If so, that's pretty cool (though I doubt it since I am not seeing NaCl or scrypt).

Some more notes:

All the files within the Vault are crypted by user password, so you can't change the password.

While this is true, I think this is the wrong way to use rclone crypt in my opinion. You should be using two 1024 bit random passwords and then encrypt the config file! The config file is like the "key" (actually, the key is derived from it) and then you have your password on the config file. So you can change that as much as you want and you only change the stored config. This is how much password-based encryption is done. You encrypt a key.
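The "encrypt a key with the password" pattern described in the reply above, as an added example (not code from RcloneVault or rclone, and not rclone's config encryption format). The function names and scrypt parameters are assumptions, and the XOR pad plus HMAC is a standard-library stand-in for a real AEAD such as NaCl secretbox or AES-GCM.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters; 64 bytes out = 32-byte pad + 32-byte MAC key.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=64)

def derive(password: str, salt: bytes):
    """Stretch the password into a one-time pad and a MAC key."""
    okm = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return okm[:32], okm[32:]

def wrap_key(data_key: bytes, password: str) -> bytes:
    """Return salt(16) || wrapped key(32) || tag(32)."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so the pad is never reused
    pad, mac_key = derive(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag

def unwrap_key(blob: bytes, password: str) -> bytes:
    """Verify the tag, then recover the data key; fail closed on any mismatch."""
    if len(blob) != 80:
        raise ValueError("malformed key blob")
    salt, wrapped, tag = blob[:16], blob[16:48], blob[48:]
    pad, mac_key = derive(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted key blob")
    return bytes(a ^ b for a, b in zip(wrapped, pad))

def change_password(blob: bytes, old: str, new: str) -> bytes:
    """Re-wrap the same data key; the encrypted files are never touched."""
    return wrap_key(unwrap_key(blob, old), new)

if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # random key that actually encrypts the vault
    blob = wrap_key(data_key, "old passphrase")
    blob = change_password(blob, "old passphrase", "new passphrase")
    assert unwrap_key(blob, "new passphrase") == data_key
    print("password changed, data key unchanged")
```

Anyone who kept a copy of the old blob and knows the old password can still recover the data key, so changing the password this way is not a key rotation.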

I think it's because, using the rclone config file, I can't conveniently mount or serve a crypt storage with several key inputs, and I can't give the remote a non-ASCII name like "保险库:/" using the config file.

Using this Python script vault manager, I can quickly edit the vault info using my most handy text editor with no risk of leaking the password. If I use a crypted rclone config file, I won't be able to edit the config in handy Notepad++ any more.

Also, if I use the crypted config file, it means that if I copied the crypted folder to another device, knowing the main password is not enough to open it; I also need to copy the rclone config file to that device.

So all I want is: If the content is copied to another device, I can open it without changing the crypted rclone config file.

That's basically the reason I made this.

hi,
thanks for sharing.
i see from the source code, you use Crypto.

i have an off-topic request to this off-topic post.

i have been trying and failing to write python code to work with amazon s3 SSE-C.
to create valid values for these two flags.
https://rclone.org/s3/#s3-sse-customer-key
https://rclone.org/s3/#s3-sse-customer-key-md5

if you have such code, i would love to see it?

thanks,

Sorry bro, that obscure function piece in my code is basically a result of my hundreds of times of trying and testing and code searching (wasted 2 days). I don't even know the basic mechanism of that piece of code, it just works.

So I may not be capable of giving you help.

yeah, wasted 2 days, me too....