Client-side Encryption of files

Advertisement

don_
Guest

Client-side Encryption of files

WinSCP can protect data in transit by using encrypted transfer protocols.
What I'd like to propose is a client-side encryption feature to protect data at rest - by encrypting the file content before uploading it to a server.

I guess it is mandatory to re-use existing code for the encryption task. The cryptomator library might be an reliable option to store files in an encrypted cryptomator vault on a remote server. It looks like this is how Cyberduck implemented the encryption feature in their file transfer client.
But there might be other projects (PGP/VeraCrypt?) which provide similar functionality as a cryptomator vault.

Reply with quote

Advertisement

don_
Guest

Re: Re: Client-side Encryption of files

Well, on my local computer I have several convenient ways of protecting my files (e.g. file permissions, disk encryption, filesystem encryption, etc...)
But most of them can not protect my files after they have been uploaded to a remote server. So I'd like WinSCP to protect the files I'm about to upload by encrypting them automatically.

Until now I need to manually create an encrypted copy locally + upload the encrypted local copy + delete the encrypted local copy. I have to repeat this every time I upload files. The same usability nightmare happens when downloading encrypted files.
This is very inconvenient - especially when working with lots of files and limited local disk space. Its time consuming, prone to errors and mistakes and I guess it is also why people mostly don't even consider encrypting their remote files.

Now, the idea is to let WinSCP make all the necessary steps and encrypt the files 'on-the-fly' during upload. All a users needs to do is to provide an encryption password.
Ideally decryption should also happen 'on-the-fly' during the download of an encrypted file.
So all local files are unencrypted. The user does not have to change the way they work with the local files. And all remote files are encrypted. As long as a user knows the decryption password, he will be able to browse an download these files in WinSCP and also does not have to change the way they work with the remote files.

I hope this helps to get an idea of what I propose and why.

Reply with quote

martin
Site Admin
martin avatar

Re: Client-side Encryption of files

OK, understood. I thought that by "encrypting the file content before uploading it to a server" you mean encrypting the actual local files.
Encrypting on-the-fly makes sense. We are actually considering it.

Reply with quote

Advertisement

virgile
Guest

Re: Client-side Encryption of files

Only in version 5.14 not yet released.

And only for SFTP (no FTP or WebDAV).

Reply with quote

Fuana
Joined:
Posts:
3
Location:
Canada

Re: Re: Client-side Encryption of files

@don_: here could be an extension to the "Zip And Upload" command that would allow to zip (no compress) individual files within a folder and password protect them. As the Zip protocol is available freely, then decrypting the files can be done on the fly

Reply with quote

Advertisement

virgile
Guest

Re: Re: Client-side Encryption of files

It is limited to SFTP...
Cyberduck offers a transparent encryption using cryptomator for any protocol. I wish WinSCP would go in that way.

Reply with quote

Advertisement

Advertisement

You can post new topics in this forum