Encryption for the Linux CLI Agent

Update: Encryptor is now supported in the odrive agents

Hi @shaiguitar,

There is a new command encpassphrase that will allow you to specify a passphrase for an Encryptor folder.

usage: odrive encpassphrase [-h] [--initialize] passphrase id

positional arguments:
  passphrase    Encryptor folder passphrase
  id            Encryptor ID

optional arguments:
  -h, --help    show this help message and exit
  --initialize  Initialize a new Encryptor folder passphrase. Do not use if
                passphrase has already been set

To use this command you need to specify the passphrase and the Encryptor folder ID. The Encryptor folder ID can be obtained by trying to sync an Encryptor folder before a passphrase has been specified.

You will see a message like this when trying to sync an Encryptor folder that has never been setup:

No passphrase set for 11111111-1111-1111-1111-111111111111-11111111
Set a passphrase with encpassphrase --initialize.
For example: encpassphrase --initialize [your passphrase here] 11111111-1111-1111-1111-111111111111-11111111

You will see a message like this when trying to sync an Encryptor folder that has been setup previously, but never accessed on this system:

No passphrase stored for 11111111-1111-1111-1111-111111111111-11111111
Specify your passphrase with encpassphrase.
For example: encpassphrase  [your passphrase here] 11111111-1111-1111-1111-111111111111-11111111

The Linux agent will store the passphrase in a file in ~/.odrive-agent/db/odrive-encryption-[UUID]. This file is protected by file system permissions, but I am pointing it out because it is stored in plaintext. Once the passphrase has been entered, the odrive agent will hold it in memory, so it is possible to delete the file and still sync your encrypted content until the agent is restarted, if you wish. If you do that you will need to specify the passphrase again, once the agent is restarted.