Multi-device access of encrypted data

I have tested some ZKE/E2EE cloud storage providers in Europe, but so far I'm not impressed by the availability and quality of such cloud storage providers. So maybe it is an option to have a private Hetzner Storagebox and encrypt all files using rclone. Unfortunately this would probably mean I can't access my files on the go. I can list my files using an SFTP-client on my iPhone, but would there be any way to occasionally unencrypt and view selected files on the fly without having to download and store such a file? I'm interested to learn if this community recognises such challenges.

on android, a number of ways to do that.

one example is my howto guide
Turn your android phone into a media server


i think the big issue, can you run rclone on the iphone itself or not?
that will determine your possible solutions.
Rclone on iSH for iOS
Rclone on iPhone!


i am a big fan of that service.

what i do is rent the cheapest vm from hetzner in the same region as the storagebox.
then can run rclone mount on the vm, using the files from storagebox.
access the files securely using tailscale.

another option, run a webdav or sftp server on the vm, pointing to the files in storagebox.
from the iphone, access that webdav|sftp server
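
The WebDAV variant described above, sketched as an added example that is not part of the original posts: it serves the decrypted view of an rclone crypt remote from the VM, read-only, and refuses to listen on anything except a Tailscale address (100.64.0.0/10). The remote name `box-crypt`, port 8080, the `RCLONE`/`CRYPT_REMOTE`/`PORT` overrides and the read-only choice are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed names: remote "box-crypt", port 8080.

# Succeed only if $1 is an IPv4 address in 100.64.0.0/10, the range Tailscale assigns.
is_tailscale_ip() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;          # only digits and dots allowed
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                              # split into octets
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            ''|????*|0?*) return 1 ;;      # empty, too long, or leading zero
        esac
        [ "$_o" -le 255 ] || return 1
    done
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
}

# Serve the decrypted view of the crypt remote over WebDAV, read-only,
# listening only on the given Tailscale address.
# RCLONE can be overridden (e.g. RCLONE=echo) to print the arguments instead of running.
serve_decrypted() {
    _ip=$1
    if ! is_tailscale_ip "$_ip"; then
        echo "refusing to bind to '$_ip': not a Tailscale address" >&2
        return 1
    fi
    "${RCLONE:-rclone}" serve webdav "${CRYPT_REMOTE:-box-crypt}:" \
        --addr "$_ip:${PORT:-8080}" --read-only
}

# Run on the VM as: ./serve.sh serve
if [ "${1:-}" = "serve" ]; then
    serve_decrypted "$(tailscale ip -4 | head -n 1)"
fi
```

With this layout the crypt keys live in the VM's rclone.conf, so the VM sees plaintext while serving and has to be protected accordingly.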

Ha, that sounds really great, this way you don't even have to expose the fileserver to the internet I presume.

Indeed I'm on iPhone. I already noticed your howto guide for Android, but that won't work for me. Your Hetzner work-around sounds cool though. Only thing is you have to keep that VM secure as well, probably by locking it down and using a VPN to connect. Before I know it, it will be an IT project :wink:

each hetzner vm has its own GUI firewall, default-deny for inbound.
for tailscale, need to open a single port 41641

Thank you for your suggestions. Sometimes a single open port is all a hacker needs, if there is a vulnerability in the server application. So I would need some additional security. Not sure if I want to proceed on this, there must be some reliable, mature, secure and affordable cloud provider out there?

I may have found what I want. Koofr lets me create a Vault in which I can store data encrypted and uploaded by rclone using a dedicated app password. The files are E2EE encrypted (in transit and at rest). However I seem to be able to sync access and view the unencrypted version in the Koofr web app as well as in the dedicated mobile app for Koofr Vaults. I tested it, and it worked really well. All I need to find out is if this method is safe, so I don't create some back door vulnerabilities using this solution. A downside may be the lack of block-level synch and file versioning, but I can live with that. I do not appreciate the absence of monthly subscriptions (just annual) and a lack of speed (up/download).