Encryption for the Linux CLI Agent

Reini · September 28, 2016, 11:06am

Hello,
i use your Windows Client for about 1 month now. It works very well for daily used files. All files are encrypted on Amazon Cloud Drive. I would like to use the odrive CLI Agent now on linux for bigger backup files and sync them automatically. But i can´t see any encryption funcionality like in the windows desktop agent. Is there a plan to integrate this functionality and if so when?

best regards
Reini

Tony · September 28, 2016, 5:07pm

Hi @Reini,
Encryption is not currently supported in Agent, but it is planned. We do not have a date for release yet.

bass_rock · October 6, 2016, 6:08am

Is there any estimate you can give us? This is a feature that I would really like.

cdl · April 9, 2017, 11:31pm

Any further ideas on when this might be available?

Tony · April 10, 2017, 10:54pm

Hi @cdl,
It is tied into the large-scope development we are doing, so no estimates at this time.

jason5 · April 30, 2017, 5:43am

+1. Really need this feature

michael4 · May 16, 2017, 6:10pm

+1 I would love to see this feature!

shaiguitar · June 20, 2018, 4:11am

Any updates on this?

Tony · June 21, 2018, 1:09am

Update: Encryptor is now supported in the odrive agents

Hi @shaiguitar,

There is a new command encpassphrase that will allow you to specify a passphrase for an Encryptor folder.

usage: odrive encpassphrase [-h] [--initialize] passphrase id

positional arguments:
  passphrase    Encryptor folder passphrase
  id            Encryptor ID

optional arguments:
  -h, --help    show this help message and exit
  --initialize  Initialize a new Encryptor folder passphrase. Do not use if
                passphrase has already been set

To use this command you need to specify the passphrase and the Encryptor folder ID. The Encryptor folder ID can be obtained by trying to sync an Encryptor folder before a passphrase has been specified.

You will see a message like this when trying to sync an Encryptor folder that has never been setup:

No passphrase set for 11111111-1111-1111-1111-111111111111-11111111
Set a passphrase with encpassphrase --initialize.
For example: encpassphrase --initialize [your passphrase here] 11111111-1111-1111-1111-111111111111-11111111

You will see a message like this when trying to sync an Encryptor folder that has been setup previously, but never accessed on this system:

No passphrase stored for 11111111-1111-1111-1111-111111111111-11111111
Specify your passphrase with encpassphrase.
For example: encpassphrase  [your passphrase here] 11111111-1111-1111-1111-111111111111-11111111

The Linux agent will store the passphrase in a file in ~/.odrive-agent/db/odrive-encryption-[UUID]. This file is protected by file system permissions, but I am pointing it out because it is stored in plaintext. Once the passphrase has been entered, the odrive agent will hold it in memory, so it is possible to delete the file and still sync your encrypted content until the agent is restarted, if you wish. If you do that you will need to specify the passphrase again, once the agent is restarted.

shaiguitar · June 22, 2018, 4:22pm

Good to know there’s some progress here! Do you have an ARM (raspberry pi) build?

~/tmp-test-odrive $ ./odrive --help
-bash: ./odrive: cannot execute binary file: Exec format error

~/tmp-test-odrive $ ./odriveagent  --help
-bash: ./odriveagent: cannot execute binary file: Exec format error

~/tmp-test-odrive $ cat /proc/cpuinfo|grep ARM
model name	: ARMv7 Processor rev 4 (v7l)

Tony · June 22, 2018, 4:48pm

Hi @shaiguitar,
I added the rest of the platform builds to that share link above.

Tony · July 12, 2018, 2:59pm

Hi @shaiguitar and others,
Does anyone have any feedback on the addition of encryption to the agent? I would like to push it out, officially, if its working well for folks.

Tony · September 12, 2018, 7:10pm

4 posts were split to a new topic: Uclibc support for Agent ARM build