Post a reply

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

Re: Re: Client-side Encryption of files

virgile wrote:

It is limited to sftp...
cyberduck offers a transparent encryption using cryptomator for any protocol. I wish winscp would go in that way.

What protocol are you interested in?
See also https://winscp.net/forum/viewtopic.php?t=26434
virgile

Re: Re: Client-side Encryption of files

It is limited to sftp...
cyberduck offers a transparent encryption using cryptomator for any protocol. I wish winscp would go in that way.
martin

Re: Re: Client-side Encryption of files

Fuana wrote:

There could be an extension to the "Zip And Upload" command that would allow to zip ( no compress) individual files within a folder and password protect them. As the Zip protocol is available freely, then decrypting the files can be done on the fly

OK, but that's effectively the same what the file encryption in 5.14 beta does already.
martin

Re: Client-side Encryption of files

virgile wrote:

Only in version 5.14 not yet released

5.14 beta has been released few months ago:
https://winscp.net/eng/downloads.php
Fuana

Re: Re: Client-side Encryption of files

don_ wrote:

Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.

Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.

Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.

I hope this helps to get an idea of what I propose and why.



There could be an extension to the "Zip And Upload" command that would allow to zip ( no compress) individual files within a folder and password protect them. As the Zip protocol is available freely, then decrypting the files can be done on the fly
virgile

Re: Client-side Encryption of files

virgile wrote:

martin wrote:

This has been implemented already:
https://winscp.net/tracker/1653


Only in version 5.14 not yet released

and only for sftp ( no Ftp or Webdav)
virgile

Re: Client-side Encryption of files

martin wrote:

This has been implemented already:
https://winscp.net/tracker/1653


Only in version 5.14 not yet released
martin

Re: Client-side Encryption of files

OK, understood. I thought that by "encrypting the file content before uploading it to a server" you mean encrypting the actual local files.
Encrypting on-the-fly makes sense. We are actually considering it.
don_

Re: Re: Client-side Encryption of files

Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.

Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.

Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.

I hope this helps to get an idea of what I propose and why.
martin

Re: Client-side Encryption of files

What exactly are you trying to solve by this feature?
don_

Client-side Encryption of files

WinSCP can protect data in transit by using encrypted transfer protocols.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.

I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (gpg?/veracrypt?) which provide similar functionality as a cryptomator vault.