Is rclone.conf needed to decrypt remotes?

Daniel_Krajnik · August 14, 2021, 11:31am

I'm trying to decrypt remotes from a year ago, but they appear empty after putting passwords and location on google drive.

Is there a way to decrypt the files without rclone? Could you please point me to information explaining what method rclone uses it to replicate it?

Animosity022 · August 14, 2021, 11:42am

You need to use the same password and same salt before. If you enter those in your configuration, you can decrypt the files.

asdffdsa · August 14, 2021, 11:58am

hi,
if you log into the gdrive website, you do see the files in their crypted state?

Ole · August 14, 2021, 12:01pm

There is no easy way to decrypt without rclone and you would need the exact same information to do so (password1 and password2/salt). It is therefore far easiest to use rclone.

You don’t need rclone.conf, but you do need all the information to rebuild the exact same crypt remote, that is something like this:

[myEncryptedRemote]
type = crypt
remote = myRemote:encryptedFolder
password = ObfuscatedPassword1
password2 = ObfuscatedPassword2
filename_encryption = standard
directory_name_encryption = true

You can either enter this directly in the rclone.conf file or you can use rclone config to create the entry (in this case you use your clear text passwords).

Daniel_Krajnik · August 14, 2021, 12:04pm

yes, they appear encrypted, files, file names and directories. files are there, but decryption still seems not to work

Daniel_Krajnik · August 14, 2021, 12:05pm

thanks for the reply, still not sure what may be wrong, but will keep trying. Haven't tried putting it directly in the conf file, maybe that will work

Daniel_Krajnik · August 14, 2021, 12:07pm

thanks for clarifying that, yes, I did that, still not sure why it didn't work here, but if I come up with solution will post it back here

asdffdsa · August 14, 2021, 12:07pm

you need to create two remotes, using rclone config
one remote for gdrive, one remote for the crypt.

should look something like

[gdrive-a1b2]
type = drive
client_id = 
client_secret = 
scope = drive
token = 

[gcrypt-a1b2]
type = crypt
remote = gdrive-a1b2:crypt
filename_encryption = standard
directory_name_encryption = true
password = 
password2 =

Daniel_Krajnik · August 14, 2021, 12:08pm

thanks for asking, but yes, did that. gdrive:/file/to/backup/folder in the crypt option. still was empty for all folders

Daniel_Krajnik · August 14, 2021, 12:12pm

are symbols allowed in passwords ($#^@!) ?

asdffdsa · August 14, 2021, 12:15pm

please post the config file, redact id/secret/password/token.

for now, let's not work on the crypt remote until the gdrive remote is working.

create a gdrive remote using rclone config and make sure you can see the cypted files using rclone ls

Daniel_Krajnik · August 14, 2021, 12:17pm

sure, there is only one remote there (google drive):

[gdrive]
type = drive
client_id = <<client-id>>
client_secret = <<client-secret>>
scope = drive
token = {"access_token":"<<access-token>>","token_type":"Bearer","refresh_token":"<<refresh-token>>","expiry":"<<expiry>>"}

I've changed client id from the default rclone to a private one from google since encrypting them if that adds anything to this issue.

Ole · August 14, 2021, 12:20pm

It really depends on whether you have saved your passwords in clear text or obfuscated. I am sure @asdffdsa will guide you to the right choice once you get to it.

asdffdsa · August 14, 2021, 12:21pm

ok good,

if you run a command such as rclone lsd gdrive: -R
this will list all the folders in the drive, can you find the top level folder containing the crypted folders.
we will need that to setup the crypted remote.

Daniel_Krajnik · August 14, 2021, 12:38pm

thanks, sure, the top level folder is backups/wsl/node3

-1 2021-02-01 19:42:01 -1 backups/wsl/node3

asdffdsa · August 14, 2021, 12:45pm

if you saved the obfuscated password, then you have two options.

you can de-obfuscate the password at
https://play.golang.org/p/IcRYDip3PnE

2 .create a remote inside the rclone.conf file itself, without using rclone config

it should look something like this, just paste the obfuscated password as is.
and make sure, the filename and directory settings are the same as before.

[gcrypt]
type = crypt
remote = gdrive:backups/wsl/node3
filename_encryption = standard
directory_name_encryption = true
password = obfuscated.password.01
password2 = obfuscated.password.02

Daniel_Krajnik · August 14, 2021, 12:47pm

thanks, but I'm a little confused. Are you mentioning obfuscated passwords, because of the post above (deleted it) or is there no way to regenerate them from the original passwords? It's important, because I don't have the obfuscated passwords, but I hope that they could be generated? or do they change on each run of rclone config?

asdffdsa · August 14, 2021, 12:51pm

if you have the original paswords, then use rclone config to create a crypt remote.
when asked for passwords, copy/paste the orignal passwords as is.

Daniel_Krajnik · August 14, 2021, 12:53pm

sorry, I have only the original passwords

asdffdsa · August 14, 2021, 12:54pm

if you have the original paswords, then use rclone config to create a crypt remote.
when asked for passwords, copy/paste the orignal passwords as is.