Question on md5sum and encryption

Assuming there is no corruption at any level.
a decrypted file will be always bit perfect versus the original file, so the checksum of the original will be always the very same compared to the original one before encryption.

But what about the following scenario?
a) I have the original and local copy of the file
b) I upload a) to the cloud with encryption
c) I ask to the cloud the checksum of b)
d) I local encrypt a) with the very same password used during b)

Seems that the checksum of c) and d) are different.

I am asking this question because in order to check for corruption, it is very time consuming to download locally an encrypted file from the cloud and then to compare the checksum of the original versus the downloaded from the cloud and decrypted file.
In my mind it was better to locally checksum the encrypted version of the original file versus the checksum provided by the cloud for the same file.


Made another test without involving the cloud… I just worked on my local file system

I created 2 different encrypted remote with the very same password on the local file system
I copied the same file to the two remote
I checked the md5sum of both and they are different.
Decrypting both of course produces the two file that are both bitperfect compared to the original one.

Moreover, using the same encrypted remote and copy the same source in two different location produces two encrypted file with different checksum.


This is because the encrypted files contain what is known as a nonce at the start. This is a few random numbers whose purpose is to make two identical files encrypt to different values.

If you don’t use a nonce, then the crypto used by rclone becomes susceptible to attack, so a nonce is essential. rclone uses a different nonce for every file uploaded.

Note that although crypt doesn’t have md5 checksums, the data stream itself is protected in an equivalent way so the fact that you can download an encrypted file at all means that it has passed those checks.

If you want the checksums to be identical then you’d need to read the nonce from the stored file and use that when you encrypted the local file.

Now it is clear!

I always trusted a lot rclone and the storage, but I was looking at something to check the data I have in the cloud compared to the ones I have locally.

Since the data in the cloud are encrypted, the suggestion I got is to download, decrypt and compare, that is time consuming.

is this the only way?
If the answer is yes, this is the only way, then after reading your answer, I the possible soultion would be:
a) get the checksum of the file encrypted and stored in the cloud
b) encrypt the local file with the nonce of a)
c) compare the checksum of the local file with the one of a)

any idea how to do that?

It is the only way right now…

That would require a modification to rclone and it would be fairly tricky to integrate it nicely since it breaks the encapsulation between the different remotes.

Eventually will provide a better answer.

ok, but, forget for a while the job to do…
let me say… on the paper, should it work?

Yes, in theory it would work fine.