- martin
Post a reply
Topic review
- martin
Re: Re: Client-side Encryption of files
@Guest: Sure, but each protocol requires some effort.
I have added FTP and WebDAV support to the tracker:
Issue 2150 – File encryption for FTP
Issue 2151 – File encryption for WebDAV
You can vote for it there.
I have added FTP and WebDAV support to the tracker:
Issue 2150 – File encryption for FTP
Issue 2151 – File encryption for WebDAV
You can vote for it there.
- Guest
Re: Re: Client-side Encryption of files
As for me S3 and WebDAV, but I think this should be for each supported.
- martin
Re: Re: Client-side Encryption of files
@virgile: What protocol are you interested in?
See also A seamless encrypted backup copy of your files on an SFTP server : QUESTION
See also A seamless encrypted backup copy of your files on an SFTP server : QUESTION
- virgile
Re: Re: Client-side Encryption of files
It is limited to SFTP...
Cyberduck offers a transparent encryption using cryptomator for any protocol. I wish WinSCP would go in that way.
Cyberduck offers a transparent encryption using cryptomator for any protocol. I wish WinSCP would go in that way.
- martin
Re: Re: Client-side Encryption of files
@Fuana: OK, but that's effectively the same what the file encryption in 5.14 beta does already.
- martin
Re: Client-side Encryption of files
@virgile: 5.14 beta has been released few months ago:
https://winscp.net/eng/downloads.php
https://winscp.net/eng/downloads.php
- Fuana
Re: Re: Client-side Encryption of files
@don_: here could be an extension to the "Zip And Upload" command that would allow to zip (no compress) individual files within a folder and password protect them. As the Zip protocol is available freely, then decrypting the files can be done on the fly
- virgile
Re: Client-side Encryption of files
Only in version 5.14 not yet released.
And only for SFTP (no FTP or WebDAV).
And only for SFTP (no FTP or WebDAV).
- martin
Re: Client-side Encryption of files
This has been implemented already:
Issue 1653 – Allow encrypting files when storing them on server
Issue 1653 – Allow encrypting files when storing them on server
- martin
Re: Client-side Encryption of files
OK, understood. I thought that by "encrypting the file content before uploading it to a server" you mean encrypting the actual local files.
Encrypting on-the-fly makes sense. We are actually considering it.
Encrypting on-the-fly makes sense. We are actually considering it.
- don_
Re: Re: Client-side Encryption of files
Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.
Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.
Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.
I hope this helps to get an idea of what I propose and why.
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.
Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.
Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.
I hope this helps to get an idea of what I propose and why.
- martin
Re: Client-side Encryption of files
What exactly are you trying to solve by this feature?
- don_
Client-side Encryption of files
WinSCP can protect data in transit by using encrypted transfer protocols.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.
I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (PGP/VeraCrypt?) which provide similar functionality as a cryptomator vault.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.
I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (PGP/VeraCrypt?) which provide similar functionality as a cryptomator vault.