Questions about encryption


I am an absolutely new user of rclone who uses it mainly to have a mount of GSuite data. The crypt mount is actually lovely. :slight_smile:

First of all a question… In the standard encryption’s case do you use the password/salt in any ways to encrypt the filenames? Or if anyone creates a hello.txt, he/she will have the same name?

And also the filename length limitation… I was thinking about a possible solution and since we can encrypt file contents without any further pain, we could build a catalog for the filenames and store everything in a file. That way we could build a secure and not limited name encryption too. That would be amazing!

And let me ask another question too. Is it possible to upload files to the cloud and let rclone encrypt them without having a mount? So using the copy function for example? Would that be faster?

Thanks a lot

This may help understand how encryption is performed in rclone

There have been a number of discussions around having a “catalogue” file. This could solve a number of complicated issues. But it’s not easy.

If a remote is defined as encrypted in the rclone.conf file then all actions (eg copy) will be encrypted. You don’t need to mount the remote. It’s how I protect my offsite backups (rclone sync /BACKUPS backups: type command, and the remote drive is all encrypted/obfuscated

I know how these encryptions work in a nutshell, so I could guess rclone works that way too. My question is the standard file encryption uses the password/salt or uses the same algorithm to produce the filenames and regardless of your setting it’ll be always the same for everyone. I did check the crypt docs but couldn’t find the answer. But I guess it uses my pass because the other method would be extremely weak against rainbow tables or deobfuscation.

And may I ask what are the hard things exactly in the catalogue method? Can you link me those previous threads? I cannot find them.

Thanks for the quick and detailed reply!

Any further comments on this? :blush:

Yes the password and salt are used to create the filenames, so they wil be different for everyone.

However for a given crypt “hello.txt” will always encrypt to the same string so if you have it in multiple places in your directory hierarchy there will be files with the same name.

This isn’t ideal (it is effectively ECB mode for whole filenames) - doing it differently didn’t fit into the current architecture of rclone.

Sure rclone copy will work just fine with a crypt backend.