Reenter Encryption Password or possibility to "lock" encrypted folder

Hello

I use odrive and encryption. It’s working fine but I want to be able to “unlock” my encrypted folder only when needed. Is there a way to do this? I think something like “lock this folder” and when I want to use it I have to enter the password again.

This would add an additional security to the encrypted folder? At the moment I could live with deleting a file or a registry key (whatever I can scipt) :slight_smile:

Any help appreciated.
Roger

1 Like

Hi,
This is planned for our next version of encryption and will allow you to “lock” the local files.

If you need to remove the saved information:

Windows registry:
HKEY_CURRENT_USER\SOFTWARE\odrive-encryption-[unique uuid] where [unique-uuid] is a different ID for each encryptor folder that has been setup.

Mac keychain:
Under odrive-encryption-[unique uuid]

2 Likes

Thanks Tony for the tip for Windows. Is there a Mac equivalent?

1 Like

Mac is kept in the keychain with the same odrive-encryption-[unique uuid] name

2 Likes

Tony, is there a way to resolve the uuid to the encrypted folders? I have several and I to do that by try and error is a bit cumberson (I wil do it if no other way :slight_smile: )

Hi @roger2,
There isn’t a way to attribute a uuid to a folder name. Are you trying to selectively remove the objects?

Hi to do this on the registry editor, do you just delete the top “folder” HKEY_CURRENT_USER\SOFTWARE\odrive-encryption-[unique uuid] where [unique-uuid] or one of the values inside? Also do the files need to be unsyced before doing this or will it work with synced files?

Hi @tony3,
You can remove it at the “HKEY_CURRENT_USER\SOFTWARE\odrive-encryption-[unique uuid]” level. Once removed, restart odrive and any new files you try to sync will require you to enter the passphrase again. You do not need to unsync first, but anything already synced will be accessible.

Is this still on the todo list? I noticed that the password on Mac is only secured with the login password and is otherwise clearly readable. I understand the usefulness of caching the password but it’s not a good solution for securing sensitive information.

I’d be pleased if it could be set to forget the password upon un-sync of the encrypted volume. Maybe the presence of a control file or even store the information needed in a file in the root of the encrypted volume so, once un-synced, it’d become inaccessible and hence locked?

Thanks,
MPT

Hi @michael1,
Would an option to prevent storing the passphrase on disk work for you. This would mean that each time you started odrive and wanted to access an Encryptor folder, you would need to put in the passphrase, once. It would then be retained in memory until you quit the odrive app.

That’d be 90% perfect, having to quit odrive would be cumbersome but I guess much easier to implement! Ideally a preference on the particular encrypted volume to choose its behavior and the automatic ‘forgetting’ of the password once the last file has been uploaded and the volume unsynced would be the perfect or, just forgetting when it’s unsynced would be the simplest. That way, I can set auto-unsync daily in case I accidentally leave my extended security folder open.

The use case is that I want to store extra secure info - anything for company documents, personal files, keys, etc. in a store that’s normally locked. The Apple Notes app’s secondary password for ‘locked’ notes is a good example.

Thanks!

1 Like

The solution: Another good example is the ‘Remember’ checkbox that often shows on the password entry box - perhaps this is as simple as adding the checkbox on the entry dialog and defaulting to not save - that way you don’t write it to the keychain / registry and it prompts every time you visit - 10 mins work? :slight_smile:

1 Like

Hi @michael1,
I wanted to let you know that we released a version of the desktop client that allows for you to apply a setting that instructs odrive to forget the passphrase once the application exits.

It basically doesn’t persist the information to the registry/keystore and only retains it in memory.

The setting is available within the odrive_user_premium_conf.txt file in the root of the odrive folder.

  • Open up the odrive_user_premium_conf.txt
  • Go to the “forgetEncPassphrase” entry
  • Change the value false to the value true
  • Restart odrive.

If you don’t see this new setting, delete the current odrive_user_premium_conf.txt file and restart odrive.

More on this here: Advanced client options