Client-side Encryption of files

Advertisement

don_
Guest

Client-side Encryption of files

WinSCP can protect data in transit by using encrypted transfer protocols.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.

I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (gpg?/veracrypt?) which provide similar functionality as a cryptomator vault.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Client-side Encryption of files

What exactly are you trying to solve by this feature?

Reply with quote

don_
Guest

Re: Re: Client-side Encryption of files

Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.

Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.

Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.

I hope this helps to get an idea of what I propose and why.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Client-side Encryption of files

OK, understood. I thought that by "encrypting the file content before uploading it to a server" you mean encrypting the actual local files.
Encrypting on-the-fly makes sense. We are actually considering it.

Reply with quote

Advertisement

You can post new topics in this forum