Crypt Sync Files 1 3

Setup file CryptSync-1.3.4.msi - 2.19 MB - Windows - Support. All files are original. Download3K does not repack or modify downloads in any way. Check SHA1 and MD5 for confirmation. Select a download mirror: Download3k US (CryptSync-1.3.4.msi) Download3k EU (CryptSync-1.3. This website uses cookies to ensure you get the best experience on our website. Crypt Sync Files 1.3 – Syncs, encrypts, and decrypts files between local folders and USB drives. February 9, 2017 The Crypt Sync Files encrypts / decrypts and synchronize files between local folders and USB Drive, memory cards, network drives, folders on Cloud services (Dropbox, etc.).

• Crypt Sync Files 1 32-bit
• Crypt Sync Files 1 3.0

Crypt

The crypt remote encrypts and decrypts another remote.

To use it first set up the underlying remote following the configinstructions for that remote. You can also use a local pathnameinstead of a remote which will encrypt and decrypt from that directorywhich might be useful for encrypting onto a USB stick for example.

First check your chosen remote is working - we'll call itremote:path in these docs. Note that anything inside remote:pathwill be encrypted and anything outside won't. This means that if youare using a bucket based remote (eg S3, B2, swift) then you shouldprobably put the bucket in the remote s3:bucket. If you just uses3: then rclone will make encrypted bucket names too (if using filename encryption) which may or may not be what you want.

Graphicriver watercolor cartoon painting action download free. Now configure crypt using rclone config. We will call this onesecret to differentiate it from the remote. Blocs 3 3 0 cr2 download free.

Important Free server software for pc. The password is stored in the config file is lightlyobscured so it isn't immediately obvious what it is. It is in no waysecure unless you use config file encryption.

A long passphrase is recommended, or you can use a random one.

The obscured password is created by using AES-CTR with a static key, withthe salt stored verbatim at the beginning of the obscured password. Thisstatic key is shared by between all versions of rclone.

If you reconfigure rclone with the same passwords/passphraseselsewhere it will be compatible, but the obscured version will be differentdue to the different salt.

Note that rclone does not encrypt

• file length - this can be calculated within 16 bytes
• modification time - used for syncing

Specifying the remote

In normal use, make sure the remote has a : in. If you specify theremote without a : then rclone will use a local directory of thatname. So if you use a remote of /path/to/secret/files then rclonewill encrypt stuff to that directory. If you use a remote of namethen rclone will put files in a directory called name in the currentdirectory.

If you specify the remote as remote:path/to/dir then rclone willstore encrypted files in path/to/dir on the remote. If you are usingfile name encryption, then when you save files tosecret:subdir/subfile this will store them in the unencrypted pathpath/to/dir but the subdir/subpath bit will be encrypted.

Note that unless you want encrypted bucket names (which are difficultto manage because you won't know what directory they represent in webinterfaces etc), you should probably specify a bucket, egremote:secretbucket Audio studio software mac. when using bucket based remotes such as S3,Swift, Hubic, B2, GCS.

Example

To test I made a little directory of files using 'standard' file nameencryption.

Copy these to the remote and list them back

Now see what that looked like when encrypted

Note that this retains the directory structure which means you can do this

If don't use file name encryption then the remote will look like this

• note the .bin extensions added to prevent the cloud providerattempting to interpret the data.

File name encryption modes

Here are some of the features of the file name encryption modes

Off

• doesn't hide file names or directory structure
• allows for longer file names (~246 characters)
• can use sub paths and copy single files

Standard

• file names encrypted
• file names can't be as long (~143 characters)
• can use sub paths and copy single files
• directory structure visible
• identical files names will have identical uploaded names
• can use shortcuts to shorten the directory recursion

Obfuscation

This is a simple 'rotate' of the filename, with each file having a rotdistance based on the filename. We store the distance at the beginningof the filename. So a file called 'hello' may become '53.jgnnq'.

This is not a strong encryption of filenames, but it may stop automatedscanning tools from picking up on filename patterns. As such it's anintermediate between 'off' and 'standard'. The advantage is that itallows for longer path segment names.

There is a possibility with some unicode based filenames that theobfuscation is weak and may map lower case characters to upper caseequivalents. You can not rely on this for strong protection.

• file names very lightly obfuscated
• file names can be longer than standard encryption
• can use sub paths and copy single files
• directory structure visible
• identical files names will have identical uploaded names

Cloud storage systems have various limits on file name length andtotal path length which you are more likely to hit using 'Standard'file name encryption. If you keep your file names to below 156characters in length then you should be OK on all providers.

There may be an even more secure file name encryption mode in thefuture which will address the long file name problem.

Directory name encryption

Crypt offers the option of encrypting dir names or leaving them intact.There are two options:

True

Encrypts the whole file path including directory namesExample:1/12/123.txt is encrypted top0e52nreeaj0a5ea7s64m4j72s/l42g6771hnv3an9cgc8cr2n1ng/qgm4avr35m5loi1th53ato71v0

False

Only encrypts file names, skips directory namesExample:1/12/123.txt is encrypted to1/12/qgm4avr35m5loi1th53ato71v0

Modified time and hashes

Crypt stores modification times using the underlying remote so supportdepends on that.

Hashes are not stored for crypt. However the data integrity isprotected by an extremely strong crypto authenticator.

Note that you should use the rclone cryptcheck command to check theintegrity of a crypted remote instead of rclone check which can'tcheck the checksums properly.

Standard Options

Here are the standard options specific to crypt (Encrypt/Decrypt a remote).

--crypt-remote

Remote to encrypt/decrypt.Normally should contain a ':' and a path, eg 'myremote:path/to/dir','myremote:bucket' or maybe 'myremote:' (not recommended).

• Config: remote
• Env Var: RCLONE_CRYPT_REMOTE
• Type: string
• Default: '

--crypt-filename-encryption

How to encrypt the filenames.

• Config: filename_encryption
• Env Var: RCLONE_CRYPT_FILENAME_ENCRYPTION
• Type: string
• Default: 'standard'
• Examples:
  • 'standard'
    • Encrypt the filenames see the docs for the details.
  • 'obfuscate'
    • Very simple filename obfuscation.
  • 'off'
    • Don't encrypt the file names. Adds a '.bin' extension only.

--crypt-directory-name-encryption

Option to either encrypt directory names or leave them intact.

NB If filename_encryption is 'off' then this option will do nothing.

• Config: directory_name_encryption
• Env Var: RCLONE_CRYPT_DIRECTORY_NAME_ENCRYPTION
• Type: bool
• Default: true
• Examples:
  • 'true'
    • Encrypt directory names.
  • 'false'
    • Don't encrypt directory names, leave them intact.

--crypt-password

Password or pass phrase for encryption.

NB Input to this must be obscured - see rclone obscure.

• Config: password
• Env Var: RCLONE_CRYPT_PASSWORD
• Type: string
• Default: '

--crypt-password2

Password or pass phrase for salt. Optional but recommended.Should be different to the previous password.

NB Input to this must be obscured - see rclone obscure.

• Config: password2
• Env Var: RCLONE_CRYPT_PASSWORD2
• Type: string
• Default: '

Advanced Options

Here are the advanced options specific to crypt (Encrypt/Decrypt a remote).

--crypt-server-side-across-configs

Allow server side operations (eg copy) to work across different crypt configs.

Normally this option is not what you want, but if you have two cryptspointing to the same backend you can use it.

This can be used, for example, to change file name encryption typewithout re-uploading all the data. Just make two crypt backendspointing to two different directories with the single changedparameter and use rclone move to move the files between the cryptremotes.

• Config: server_side_across_configs
• Env Var: RCLONE_CRYPT_SERVER_SIDE_ACROSS_CONFIGS
• Type: bool
• Default: false

--crypt-show-mapping

For all files listed show how the names encrypt.

If this flag is set then for each file that the remote is asked tolist, it will log (at level INFO) a line stating the decrypted filename and the encrypted file name.

This is so you can work out which encrypted names are which decryptednames just in case you need to do something with the encrypted filenames, or for debugging purposes.

• Config: show_mapping
• Env Var: RCLONE_CRYPT_SHOW_MAPPING
• Type: bool
• Default: false

Backend commands

Crypt Sync Files 1 32-bit

Here are the commands specific to the crypt backend.

Run them with

The help below will explain what arguments each command takes.

See the 'rclone backend' command for moreinfo on how to pass options and arguments.

These can be run on a running backend using the rc commandbackend/command.

encode

Encode the given filename(s)

This encodes the filenames given as arguments returning a list ofstrings of the encoded results.

Usage Example:

decode

Decode the given filename(s)

This decodes the filenames given as arguments returning a list ofstrings of the decoded results. It will return an error if any of theinputs are invalid.

Usage Example:

Backing up a crypted remote

If you wish to backup a crypted remote, it is recommended that you userclone sync on the encrypted files, and make sure the passwords arethe same in the new encrypted remote.

This will have the following advantages

• rclone sync will check the checksums while copying
• you can use rclone check between the encrypted remotes
• you don't decrypt and encrypt unnecessarily

For example, let's say you have your original remote at remote: withthe encrypted version at eremote: with path remote:crypt. Youwould then set up the new remote remote2: and then the encryptedversion eremote2: with path remote2:crypt using the same passwordsas eremote:.

To sync the two remotes you would do

And to check the integrity you would do

File formats

File encryption

Crypt Sync Files 1 3.0

Files are encrypted 1:1 source file to destination object. The filehas a header and is divided into chunks.

Header

• 8 bytes magic string RCLONEx00x00
• 24 bytes Nonce (IV)

The initial nonce is generated from the operating systems cryptostrong random number generator. The nonce is incremented for eachchunk read making sure each nonce is unique for each block written.The chance of a nonce being re-used is minuscule. If you wrote anexabyte of data (10¹⁸ bytes) you would have a probability ofapproximately 2×10⁻³² of re-using a nonce.

Chunk

Each chunk will contain 64kB of data, except for the last one whichmay have less data. The data chunk is in standard NACL secretboxformat. Secretbox uses XSalsa20 and Poly1305 to encrypt andauthenticate messages.

Each chunk contains:

• 16 Bytes of Poly1305 authenticator
• 1 - 65536 bytes XSalsa20 encrypted data

64k chunk size was chosen as the best performing chunk size (theauthenticator takes too much time below this and the performance dropsoff due to cache effects above this). Note that these chunks arebuffered in memory so they can't be too big.

This uses a 32 byte (256 bit key) key derived from the user password.

Examples

1 byte file will encrypt to

• 32 bytes header
• 17 bytes data chunk

49 bytes total

1MB (1048576 bytes) file will encrypt to

• 32 bytes header
• 16 chunks of 65568 bytes

1049120 bytes total (a 0.05% overhead). This is the overhead for bigfiles.

Name encryption

File names are encrypted segment by segment - the path is broken upinto / separated strings and these are encrypted individually.

File segments are padded using PKCS#7 to a multiple of 16 bytesbefore encryption.

They are then encrypted with EME using AES with 256 bit key. EME(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003paper 'A Parallelizable Enciphering Mode' by Halevi and Rogaway.

This makes for deterministic encryption which is what we want - thesame filename must encrypt to the same thing otherwise we can't findit on the cloud storage system.

This means that

• filenames with the same name will encrypt the same
• filenames which start the same won't have a common prefix

This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both ofwhich are derived from the user password.

After encryption they are written out using a modified version ofstandard base32 encoding as described in RFC4648. The standardencoding is modified in two ways:

• it becomes lower case (no-one likes upper case filenames!)
• we strip the padding character =

base32 is used rather than the more efficient base64 so rclone can beused on case insensitive remotes (eg Windows, Amazon Drive).

Key derivation

Rclone uses scrypt with parameters N=16384, r=8, p=1 with anoptional user supplied salt (password2) to derive the 32+32+16 = 80bytes of key material required. If the user doesn't supply a saltthen rclone uses an internal one.

scrypt makes it impractical to mount a dictionary attack on rcloneencrypted data. For full protection against this you should always usea salt.

VeraCrypt, a successor to TrueCrypt is largely compatible with it enables the complete or partial encryption of data carriers. Like the template, the freeware is distributed under an open-source license.

If you are really concerned about your files on a computer, especially for security, there is hardly anything better than encrypting them. Even if you keep your files on the cloud, encrypting them before uploading ensures the privacy of your data. If you want to upload some private photos of you or other such sensitive files, and you don't have any other option, other than uploading them to the cloud, encryption seems to be the most viable option. There are a number of ways you can encrypt your data, and if you are on Windows, you might already know about BitLocker, even if you haven't used it ever in your life.

What is VeraCrypt?

You can find out, how you can use BitLocker to encrypt all your files on a Windows computer here. But if you work across multiple platforms, you need some cross-platform solution. Here comes VeraCrypt, which is an open-source and cross-platform encryption software available for Windows, Mac, Linux, and BSD for securing sensitive data has been further developed taking into account the recently known brute force attacks.

So, whatever platform you are on, VeraCrypt is available. If you have coding skills, you can also get the source code and modify it and build it up to your requirements. It can both be installed, and you can even use it as a portable program, to carry your encrypted files safely everywhere. There are a number of advantages of VeraCrypt, over proprietary BitLocker, and you can find them once you start using VeraCrypt. By default, the software uses 256-bit encryption to make data illegible for attackers.

See: How to install VeraCrypt on Ubuntu Linux

Downloading and installing VeraCrypt Open source disk encryption

VeraCrypt makes it possible to make individual folders, entire drives and partitions or even the entire system inaccessible to attackers. In addition, the software can also create a new, hidden partition, which can not be found by outsiders when browsing the hard disk without considerable effort. Users have access to the fully encrypted content via a previously defined password.

Step 1: Download standard or portable version of VeraCrypt

Download VeraCrypton your Windows computer and install it the same way you install other Windows programs. You can alternatively download the portable version of VeraCrypt, as well.

Download VeraCrypt on your Windows

Step 2: Install it on the system or extract as a portable version

After the download starts, you can also choose, whether you want to install it, or just keep the portable version of VeraCrypt. Just use ‘Repair/Reinstall' to install VeraCrypt.

After you have downloaded and installed VeraCrypt, open the VeraCrypt application, and the first step is to set up encryption.

Step 3: Creating an encrypted drive

Using VeraCrypt, you have three different ways to encrypt your files. Using one of the options, you can encrypt an entire drive, which means, all the files within the drive will be encrypted. The second option will encrypt the system partition or drive. The third or the best option is to create a virtual drive and encrypt the same. After you mount the drive, all the files that you will keep within it will be encrypted. So, here, I will discuss, how you can set up VeraCrypt encryption, using the third option.

After you open the VeraCrypt application, click on ‘Create Volume'.

Creating an encrypted drive

Next, you will find the three ways to create encrypted volumes, as I just discussed. Just select ‘Create an encrypted file container', which should be the default option, and click on ‘Next'.

• rclone sync will check the checksums while copying
• you can use rclone check between the encrypted remotes
• you don't decrypt and encrypt unnecessarily

For example, let's say you have your original remote at remote: withthe encrypted version at eremote: with path remote:crypt. Youwould then set up the new remote remote2: and then the encryptedversion eremote2: with path remote2:crypt using the same passwordsas eremote:.

To sync the two remotes you would do

And to check the integrity you would do

File formats

File encryption

Crypt Sync Files 1 3.0

Files are encrypted 1:1 source file to destination object. The filehas a header and is divided into chunks.

Header

• 8 bytes magic string RCLONEx00x00
• 24 bytes Nonce (IV)

The initial nonce is generated from the operating systems cryptostrong random number generator. The nonce is incremented for eachchunk read making sure each nonce is unique for each block written.The chance of a nonce being re-used is minuscule. If you wrote anexabyte of data (10¹⁸ bytes) you would have a probability ofapproximately 2×10⁻³² of re-using a nonce.

Chunk

Each chunk will contain 64kB of data, except for the last one whichmay have less data. The data chunk is in standard NACL secretboxformat. Secretbox uses XSalsa20 and Poly1305 to encrypt andauthenticate messages.

Each chunk contains:

• 16 Bytes of Poly1305 authenticator
• 1 - 65536 bytes XSalsa20 encrypted data

64k chunk size was chosen as the best performing chunk size (theauthenticator takes too much time below this and the performance dropsoff due to cache effects above this). Note that these chunks arebuffered in memory so they can't be too big.

This uses a 32 byte (256 bit key) key derived from the user password.

Examples

1 byte file will encrypt to

• 32 bytes header
• 17 bytes data chunk

49 bytes total

1MB (1048576 bytes) file will encrypt to

• 32 bytes header
• 16 chunks of 65568 bytes

1049120 bytes total (a 0.05% overhead). This is the overhead for bigfiles.

Name encryption

File names are encrypted segment by segment - the path is broken upinto / separated strings and these are encrypted individually.

File segments are padded using PKCS#7 to a multiple of 16 bytesbefore encryption.

They are then encrypted with EME using AES with 256 bit key. EME(ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003paper 'A Parallelizable Enciphering Mode' by Halevi and Rogaway.

This makes for deterministic encryption which is what we want - thesame filename must encrypt to the same thing otherwise we can't findit on the cloud storage system.

This means that

• filenames with the same name will encrypt the same
• filenames which start the same won't have a common prefix

This uses a 32 byte key (256 bits) and a 16 byte (128 bits) IV both ofwhich are derived from the user password.

After encryption they are written out using a modified version ofstandard base32 encoding as described in RFC4648. The standardencoding is modified in two ways:

• it becomes lower case (no-one likes upper case filenames!)
• we strip the padding character =

base32 is used rather than the more efficient base64 so rclone can beused on case insensitive remotes (eg Windows, Amazon Drive).

Key derivation

Rclone uses scrypt with parameters N=16384, r=8, p=1 with anoptional user supplied salt (password2) to derive the 32+32+16 = 80bytes of key material required. If the user doesn't supply a saltthen rclone uses an internal one.

scrypt makes it impractical to mount a dictionary attack on rcloneencrypted data. For full protection against this you should always usea salt.

VeraCrypt, a successor to TrueCrypt is largely compatible with it enables the complete or partial encryption of data carriers. Like the template, the freeware is distributed under an open-source license.

If you are really concerned about your files on a computer, especially for security, there is hardly anything better than encrypting them. Even if you keep your files on the cloud, encrypting them before uploading ensures the privacy of your data. If you want to upload some private photos of you or other such sensitive files, and you don't have any other option, other than uploading them to the cloud, encryption seems to be the most viable option. There are a number of ways you can encrypt your data, and if you are on Windows, you might already know about BitLocker, even if you haven't used it ever in your life.

What is VeraCrypt?

You can find out, how you can use BitLocker to encrypt all your files on a Windows computer here. But if you work across multiple platforms, you need some cross-platform solution. Here comes VeraCrypt, which is an open-source and cross-platform encryption software available for Windows, Mac, Linux, and BSD for securing sensitive data has been further developed taking into account the recently known brute force attacks.

So, whatever platform you are on, VeraCrypt is available. If you have coding skills, you can also get the source code and modify it and build it up to your requirements. It can both be installed, and you can even use it as a portable program, to carry your encrypted files safely everywhere. There are a number of advantages of VeraCrypt, over proprietary BitLocker, and you can find them once you start using VeraCrypt. By default, the software uses 256-bit encryption to make data illegible for attackers.

See: How to install VeraCrypt on Ubuntu Linux

Downloading and installing VeraCrypt Open source disk encryption

VeraCrypt makes it possible to make individual folders, entire drives and partitions or even the entire system inaccessible to attackers. In addition, the software can also create a new, hidden partition, which can not be found by outsiders when browsing the hard disk without considerable effort. Users have access to the fully encrypted content via a previously defined password.

Step 1: Download standard or portable version of VeraCrypt

Download VeraCrypton your Windows computer and install it the same way you install other Windows programs. You can alternatively download the portable version of VeraCrypt, as well.

Download VeraCrypt on your Windows

Step 2: Install it on the system or extract as a portable version

After the download starts, you can also choose, whether you want to install it, or just keep the portable version of VeraCrypt. Just use ‘Repair/Reinstall' to install VeraCrypt.

After you have downloaded and installed VeraCrypt, open the VeraCrypt application, and the first step is to set up encryption.

Step 3: Creating an encrypted drive

Using VeraCrypt, you have three different ways to encrypt your files. Using one of the options, you can encrypt an entire drive, which means, all the files within the drive will be encrypted. The second option will encrypt the system partition or drive. The third or the best option is to create a virtual drive and encrypt the same. After you mount the drive, all the files that you will keep within it will be encrypted. So, here, I will discuss, how you can set up VeraCrypt encryption, using the third option.

After you open the VeraCrypt application, click on ‘Create Volume'.

Creating an encrypted drive

Next, you will find the three ways to create encrypted volumes, as I just discussed. Just select ‘Create an encrypted file container', which should be the default option, and click on ‘Next'.

'Apart from this, Encrypt a non-system partition/drive option is there to encrypt a non-system partition such as external hard drives or flash drives; also it let's create a hidden volume. And Encrypt the system partition or entire system drive one allows the users to encrypt the Windows installed partition or drive which makes it password protected and one has to enter the set security password to use the access and use the system, read and write files etc. So, after using this encryption setting, we need to enter the correct password each time before Windows boots.'

Step 4: Standard VeraCrypt volume

Next, you will have to choose the type of volume that you want to create. You can create a normal volume, which is like any other drive on a computer, but encrypted. With the second option, you can create a hidden volume, which is a useful option if you want to hide your encrypted volume from others. Hidden encrypted volumes can be useful if you often face situations when you need to disclose your password under pressure. So you can choose the second option if you want. But I will proceed with the first option or ‘Standard VeraCrypt volume'. After that, click on ‘Next'.

Step 5: Choose the name of the virtual drive

Now, click on ‘Select File…' to choose the name of the virtual drive, and the location, and click on ‘Next'. You should select an empty file in this step. Do not select an existing file, as this is not going to encrypt the selected file. This step is only going to create a virtual drive whose contents will be encrypted using VeraCrypt.

Choose the name of the virtual drive

Step 6: Select the VeraCrypt Encryption Algorithm

In the next step, you will have to choose the encryption algorithm, which is ‘AES' by default. Just click on ‘Next' after you choose the encryption and hashing algorithm from the drop-down menu.

Step 7: VeraCrypt Volume Creation Wizard

The next important step is to choose the size of the encrypted drive volume. Just choose the unit, and enter the size. Here, I am creating a 300 MB volume. You can create a bigger or a smaller drive as per your requirements. After you enter the size, click on ‘Next'.

VeraCrypt Volume Creation Wizard

Step 8: Choose a password

The most important part is to choose a password. To keep your files safe from brute-force attacks, choose a strong and big password that is a combination of letters, numbers and special characters. After you choose your password, click on ‘Next'. You might be prompted to enter a big password.

Choose a password

Step 9: Choose the file system and format

In the final step, you will have to choose the file system, cluster size, and whether you want to do a quick format or a full format. It is also recommended that you keep moving the mouse as much as you can to generate randomness and strengthen the encryption keys. Finally, click on ‘Format' after you have selected all the necessary options.

After the format is complete, click on ‘Next', and you can now exit the wizard.

VeraCrypt Volume Creation Wizard

Your virtual drive is now created. It is time to mount the virtual drive and add some files to it.

Step 10: Mounting and adding files

To mount an encrypted volume, just open VeraCrypt, and click on ‘Select File…' Now choose the file created by you in the last step, and that will be mounted as a drive on your computer. Choose an unused drive letter from the list, and finally click on ‘Mount'.

Now, enter the password, and click on ‘OK'.

Enter the password

Now, you can find the drive within ‘My Computer' or your default file manager on Windows or the Linux distribution that you are using.

To unmount the drives, open VeraCrypt, choose the drive that you want to unmount, and click on ‘Dismount', or click on ‘Dismount All'.

Dismount All

The steps are exactly similar if you are using VeraCrypt on other platforms like Linux or Mac OS. After a drive is mounted, you can treat it like a regular drive, on all the platforms. You can even format the drive, if necessary. Unlike BitLocker, VeraCrypt offers more convenience and it is a must-have if you are looking for the best level of security for all your sensitive data.

So, that was all about how you can get started with VeraCrypt on your computer. Did you face any problems? Feel free to comment on the same below.

Other Articles: