I just wanted to clarify that there is no server-side component for encryption. It is completely self-contained. I wrote up a post going into the specifics of encryption and decryption here, if you are curious about the process. Encryption questions: Key storage, decryption process, and others
For what it’s worth, I’ve started using Cryptomator to encrypt and decrypt my files on the client before sending them to a cloud storage provider. It isn’t a replacement for oDrive, but:
- It’s cross platform, so I can use it on my Windows, Mac, and Linux machines (yes, I use all three). (Mobile support is limited to a few select cloud storage providers.)
- It’s open source.
- They’ve documented their security architecture so you know exactly how your data is encrypted, even if they hadn’t provided the source code. (Are you taking notes, oDrive?)
The fact that oDrive is closed source and unwilling to reveal their encryption process is a security risk. They are asking their users to put full trust in in their software without providing enough reason for that trust.
I recently ran into a similar issue with a software called ThingWorx. They have an encryption API that claims to use a 224 bit key with AES-128 (which is impossible), and it turns out they were only using a key and IV with a strength of 49 and 53.5 bits, respectively.
Until oDrive releases their complete security architecture with steps to decrypt, or until they release their source code, do not trust their encryption. We have no way of knowing whether they have a backdoor to encrypt our data.
Based on that post, I’ve begun work on a decryption function that can act as a springboard for writing a full decryption client. You can find it at https://github.com/jordanbtucker/odrive-decrypt.
All that being said, oDrive is probably using security best practices, and probably doesn’t have a backdoor to our encrypted data, however, we can’t be sure. oDrive’s best move is to be open about their encryption process.
Encryption questions: Key storage, decryption process, and others
I saw your other post in reply to mine. It’s funny because I too just started using Cryptomator. I really like the fact that they are so transparent with their encryption process, and the fact that it’s open source provides even more confidence. I also like how they completely scramble the file and directory structure so it literally looks like gobblety gook. I agree with you that when you get to the nitty gritty, it’s really important to have clear transparency about the encryption process.
To add to the options, I also really like boxencryptor. While it’s paid and non open source, their encryption process is fully laid out in their website and there’s actually a Youtube video explaining it in full detail. I really like that they use asymmetric encryption to encrypt the symmetric key. So as of now, I use boxencryptor for most files, and cryptomator for the most sensitive ones.
Lastly, I should point you to sync.com which is a new player on the cloud. Their encryption process is also fairly transparent - though perhaps not as much as the last two players - but their data storage is the cheapest I’ve seen for what you get.
I’ve updated the thread referenced above to provide full details of the encryption and decryption process, for anyone interested. Encryption questions: Key storage, decryption process, and others
I will look at getting this added to the Encryption page for folks that want more of the nitty gritty details.
Keeps users more sticky that way? … unfortunate
It looks like your reply was to this comment:
This is not true. We do not store anything required for decryption. You can look at this post for specific details about the entire process, which is completely self-contained and “zero-knowledge”. Encryption questions: Key storage, decryption process, and others
This is not an “official” odrive tool, but I spent some time on a python app that will decrypt a given odrive encrypted file (V1): https://github.com/amagliul/odrive-utilities
decrypt_odrive_file.py - A command-line utility to decrypt odrive-encrypted files and folders.
usage: decrypt_odrive_file.py [-h] --path PATH --password PASSWORD [--nameonly] [--renamefolder] [--recursive] [--filter FILTER] optional arguments: -h, --help show this help message and exit --path PATH The file to decrypt or the folder to start from. **Will not decrypt placeholder files** --password PASSWORD The passphrase --nameonly Print the decrypted name, only --renamefolder Rename if the target is a folder --recursive Recurse through given path --filter FILTER Only process files/folders with this simple substring path filter (ex: 'xlarge')
There are some other useful utilities there, as well.
Need a temporary way to access expired subscription
Amazon Cloud Drive - Instability while Downloading
Here’s another unofficial tool that will recursively decrypt a folder.
Can you do a video tutorial please, in order to share how to decrypt encrypted files with odrive?
I tried to decrypt like you wrote in github, but its not working for me. Im sure that im doing wrong.
Help me please, thanks.
@videoandesign Please submit an issue at https://github.com/jordanbtucker/odrive-crypt/issues/new and include any error messages and operating system version. Thanks.
Its working! Thank you very much. So happy!