Encrypt a folder with two keys

encryption

#1

Dear ODrive,

// Anomaly detected!!

Accidentally, I managed to encrypt a folder with two different keys. I now have one computer writing to a folder with password “123” and another computer writing to this folder with “abc”.

// What is the behaviour of this anomaly?

This small anomaly showed me some behaviour of ODrive that I would like to discuss. (For simplicity, let me refer to the folders with their passphrases).

  • I put a file X in folder “123” and a file Y in folder “abc”
  • On Amazon Drive, I have two files (presumably file X encrypted with “123” and file Y encrypted with “abc”)
  • When I unsync and then sync a folder “123” and “abc”, I only get X in folder “123” and Y in “abc” and no error in the log!!!

Next, I tried to delete folder “123”. I got the message

  • “Restored deleted item. The file/folder could not be modified”.
    This made me a bit happier, because folder “123” should not be allowed to trash files put there through folder “abc”.

Additionally, I tried to rename the folder. This worked. I also expected this, because the folder name of the root folder is not encrypted.

// Why am I deeply concerned?
In order to use ODrive, you need to be able to trust ODrive for the full 100% to sync files. This example shows that the icons of ODrive are not to be trusted 100%; I thought I had all the files in my folder “123”, but in fact, I was missing the files put there through folder “abc”.

// How to solve/improve this?

  • Most importantly: give me as a user the tools to be 100% sure that all my files are in sync: Odrive checkmark is misleading - folder is NOT in sync
    => Please, give me a checksum feature so I can trust ODrive.
  • Fix the icons: a blue check icon is misleading. It should not have been checked
  • If ODrive is unable to get all my files for whatever reason (like that a folder contains files encrypted with different keys) PLEASE PLEASE PLEASE – notify me! In my example, I would have loved to read “Sorry, ODrive has found files in your folder that cannot be encrypted. We believe these folders are derived from another source than this folder on your pc”. The reason why it is so important to notify me is that I could have thrown away my precious files after a migration/move action. This is what a lot of users are afraid of in my opinion
  • Fix the (small) anomaly that two computers can write to the same folder with different keys; it is easy to fix

#2

Hi @tulipit,
For encryption, all content that cannot be decrypted with the given key for the Encryptor folder is ignored, so odrive doesn’t actually account for anything else. To odrive, if all of the content that can be encrypted/decrypted is in sync, then the folder is in sync.

When you set up an Encryptor folder, odrive will notify you if there is content already in there, like this:

Did you see that message?

Can you also tell me how you ended up in this state? There are a few hoops that you would need to jump through to encrypt a folder with two separate keys. I would like to make sure there isn’t an unaccounted-for way to hit this scenario.


#3

Hi Tony,

No, I didn’t see this message, because at the setup, the folder was empty.

I’m happy to shine a light on the steps I took.

  1. Create a new unencrypted folder through the “storage”-tab on the odrive-site (for Amazon Drive)
  2. Define an encryption folder through the “encryption”-tab on the odrive-site
  3. See two computers (both Macs) show the new cloudf-folder
  4. Click the cloudf-folder on one computer to set up encryption
  5. Click the cloudf-folder on the second computer to set up encryption

Between step 4 and step 5 was more than a minute.

// Sidenote
Possibly, we are touching another thing that I don’t understand. I use the above 3 steps to always create a folder for encryption. I don’t know how to encrypt a folder I am already syncing to Amazon or how to set up a sync with an encrypted folder. Hence, all my encryption folders reside in the odrive-root, which is for me the only place to access them.


#4

Hi @tulipit,
I see now. Since odrive doesn’t track anything about the encryption (zero knowledge), all determination for what is in that folder is done on the fly, based on the contents of the local folder. Basically odrive looks to see if you have already defined a passphrase for this folder. If so, it uses that to try to decrypt the names of the content in the folder and displays what can be decrypted using the passphrase. Anything that isn’t decrypted using the passphrase is not shown.

In your case, odrive saw an empty folder on both machines and asked you to define a passphrase for the folder (thinking it’s being used for the first time). Since you defined different keys on each machine, those instances of odrive created - and, subsequently, looked at - only content encrypted with the defined passphrase.

The current version of encryption is confined to the Encryptor folder in odrive. Our next version will allow for arbitrary locations.
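
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not odrive's code: a client lists only the names that authenticate under its passphrase, but counts the entries that do not, so the status can say "partial" instead of showing a clean check. The blob layout, the PBKDF2/HMAC construction (a standard-library stand-in for an authenticated cipher) and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def _keys(passphrase, salt):
    # Separate encryption and MAC keys from one passphrase (PBKDF2, 64 bytes).
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_name(passphrase, name):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, nonce, name.encode())
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def open_name(passphrase, blob):
    # Returns the file name, or None if the blob does not authenticate under this passphrase.
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return _xor_stream(enc_key, nonce, ct).decode()

def scan_folder(remote, passphrase):
    # Keep a count of entries that fail to decrypt instead of dropping them silently.
    visible, foreign = [], 0
    for blob in remote:
        name = open_name(passphrase, blob)
        if name is None:
            foreign += 1
        else:
            visible.append(name)
    return visible, foreign

def sync_status(remote, passphrase):
    visible, foreign = scan_folder(remote, passphrase)
    if foreign:
        return f"partial: {foreign} item(s) not decryptable with this passphrase"
    return "in sync"

# Constructed sample: one remote folder written by two machines with different passphrases.
REMOTE = [seal_name("123", "X.txt"), seal_name("abc", "Y.txt")]
print(scan_folder(REMOTE, "123"), sync_status(REMOTE, "123"))
```

A zero-knowledge client cannot tell a foreign-key entry from a corrupted one, but it can still report how many remote objects it skipped.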