Questions about encryption with rclone


I followed this : to create a secret "encrypted folder" in my storage.

At the step :

Remote to encrypt/decrypt. Normally should contain a ':' and a path, eg "myremote:path/to/dir", "myremote:bucket" or maybe "myremote:" (not recommended). remote> remote:path

I wrote for "remote" the real name of my already configured remote, and for "path" i named it "newcryptedfolder", even if there was no such folder in my already configured remote.

What the idea of a remote, because if a remote is my cloud external storage, why would i need to create a new config for a new remote that would be in truth just a folder with encrypted stuff in my remote? so a "remote" is not exactly my cloud disk, isn't it?

i'm kind of lost. i also set up a password but.. never asked me anything. is it supposed to be stored somewhere? where is the RSA passkey? ...

edit : i came to my pccloud web browser, and there is this "cryptedfolder". so it look like it worked. and files inside are encrypted. is the configuration with b2 is exactly the same? i'm not sure to understand :

First check your chosen remote is working - we’ll call it remote:path in these docs. Note that anything inside remote:path will be encrypted and anything outside won’t. This means that if you are using a bucket based remote (eg S3, B2, swift) then you should probably put the bucket in the remote s3:bucket. If you just use s3:then rclone will make encrypted bucket names too (if using file name encryption) which may or may not be what you want.

Ok, about the last part i don't care because i don't want to encrypt file names. but on the precedent part, i just don't understand what they are talking about.. I should probably put the "bucket" (i don't even know what is a bucket, for me it's the space allowed to me that's it), in the remote s3 (or b2 i guess):bucket. I should put a bucket in a bucket?

So a remote is usually a cloud storage account you have. There's exceptions to this like the crypt and cache remotes. Those two remotes are special kinds of remotes that don't interact with cloud storage directly, but rather they do something and then piggyback on an existing remote to do their work.

A bucket is a concept only in some remotes. Buckets are ways you can organize your files using a "level above folders". For example, on B2, you could create a bucket for your personal files, and a bucket for your company's files. Both buckets are independent of each of other and rclone needs to know which one you are working. If you are using remotes like Google Drive or Dropbox, the concept of Buckets does not apply.

Passwords for remotes are obfuscated and stored within your rclone.conf file. If you care about accessing the passwords, store them somewhere else as de-obfuscating them is a bit of work.

I wrote a tutorial that covers some of your questions, including what remotes are and how to use crypt:

Thanks. I actually read your tutorial before, it's very nice.

Should I worry about anything about this mention of possible problems with B2 and buckets? i don't plan to change anything in my B2 configuration, and I don't need anything more than a simple external cloud disk.

but i want to be sure i don't lost all my files because i sent them encrypted on a "bucket in a bucket" or something else. if someone can confirm i don't need to read that if i'm not using any file name / folder name encryption...

If using Backblaze, you just need to specify your bucket as if it were part of the path.

For example, if you created a b2 remote called "myb2" and a bucket within B2 called "myBucket", you just need to do myb2:myBucket. If you lsd the root of your B2 remote (lsd myb2), you will see all the buckets you have access to and you can just treat them as components of a file path.

Feel to try this to understand better.

Upload a file or two to your B2 bucket. Any small file will do. Then do lsd myb2:myBucket. That will show you all your files in your bucket. If you wanted to download one of your files, you would do rclone copy myb2:myBucket/photo1.jpg . Your bucket is always at the beginning of your path.

thanks for the info. If i don't create any buckets, can i skip this and will the crypt command works perfectly? if i understand this part of the doc is only for people that use B2 and created buckets.

i just want to be sure i will be fine as long as i don't create any buckets. is the crypted folder created by rclone with crypt a bucket? or just a folder.

You can't use B2 without creating any buckets as far as I know. Since the bucket is part of the path, you can treat the bucket as a mandatory folder.

I think the best way to understand B2 is to use it. Feel free to create an account, create a bucket or two, and integrate rclone. They give you 10GB of storage free and 1GB of egress free each day (unless you link your domain through Cloudflare)

1 Like

Ok i will try. As i understand buckets are some kind of containers.

Really wonder if when rclone will create the crypted folder in the B2 "Main" bucket (just the external storage root), B2 will make not a folder, but a bucket, or will understand "create a bucket". will see!

Edit : Tried with B2. Work well, the only thing is that when creating the "crypt" remote, instead of simply naming the remote you want to use for encryption, you have to write : nameofyourremote:yourb2bucket .

About the non crypted remote for thoses who wonder, I didn't to indicate any bucket name during creation and it works fine with my only bucket

Just a parenthesis: may I suggest that you edit the topic name? rcloud -> rclone?

1 Like