Sync data to encrypted NAS folder automatically

[Olotila]

I have Synology 212j NAS and Ubuntu 16.04.

 

Is it possible to synchronize a folder from my computer to NAS so that data is encrypted in NAS? And do this weekly? And automatically?

 

I have done this by mounting encrypted folder from my NAS and using a key which is encrypted in my home folder. This is tedious and I lost a month worth of data because I got lazy doing this manually. This would be a good way to backup my data if I was able to do this automatically, or at least semi automatically.

 

So how can I avoid losing data again and still keep being lazy?

[Mikensan]

Encrypted with bitlocker on your computer or using a third party app in which you need to use a password to unlock it?

[dalekphalm]

48 minutes ago, Olotila said:

I have Synology 212j NAS and Ubuntu 16.04.

 

Is it possible to synchronize a folder from my computer to NAS so that data is encrypted in NAS? And do this weekly? And automatically?

 

I have done this by mounting encrypted folder from my NAS and using a key which is encrypted in my home folder. This is tedious and I lost a month worth of data because I got lazy doing this manually. This would be a good way to backup my data if I was able to do this automatically, or at least semi automatically.

 

So how can I avoid losing data again and still keep being lazy?

The problem here is that you want it to be both simultaneously secure, and convenient.

 

If it's convenient, it's probably not very secure.

 

I'd suggest trying to encrypt the files with Bitlocker, then simply copying said files to the NAS - your computer will handle the bitlocker encryption, and you won't have to worry about the NAS encrypting the files.

 

Someone with a Synology unit should be able to help a bit better though.

[brwainer]

I have no idea if your NAS supports it, but Bittorrent Sync now has support for encrypted folders. Basically, data is always encrypted in transmission, but a system designated as an encrypted copy just isn't given the decryption key for the data, so it gets stored on disk encrypted (by comparison, Read Only and Full peers have the decryption key and store the data on disk unencrypted)

[Olotila]

Bittorrent sync seems interesting. Works on Ubuntu too.

 

So the sync process would be like: start BtS, give it the encryption key, hit run? That would be wonderful.

 

That is after the initial setup is done. And the end result would be that no matter where my NAS is, nobody would be able to access my files easily? Without key that is.

[brwainer]

1 hour ago, Olotila said:

Bittorrent sync seems interesting. Works on Ubuntu too.

 

So the sync process would be like: start BtS, give it the encryption key, hit run? That would be wonderful.

 

That is after the initial setup is done. And the end result would be that no matter where my NAS is, nobody would be able to access my files easily? Without key that is.

On the first computer you just tell it what folder you want to sync (note that they have two modes: A dropbox like mode where you have a folder that follows around wherever you sign in with an account, or "Legacy Folders" that let you choose any location and are managed by long keys and not a username). Once you've added the folder on the first computer, it will give you three keys: a Read-Write key (allows any device with the key to add and update files), a Read-Only key (allows devices with the key to read files, any changes that are made locally are ignored and may get overwritten if the file changes on a Read-Write device), and an Encrypted key (a Read-Only device that isn't able to decrypt the files).

 

When you enter one of the keys into a second device, the two find each other and transfer data using all the clever tricks of modern BitTorrent, with additional security features added in (part of the keys is also a unique identifier for the folder, along with the encryption). They will use the shortest path possible, meaning you get transfers as fast as your LAN if they are on the same network. How you transfer the key from one device to another is up to the user to figure out, if not using the Dropbox-like username-based functionality.

 

Any Read-Write device can give you any of the keys. An Encrypted device can only give you back the Encrypted key. A Read-only device can't give you the Read-Write key. I'm not sure it a Read-only device can give you the Encrypted key. Also remember if you're using an Encrypted folder, to back up the Read-Write or Read-Only key somewhere else. If all of your devices other than the one with the Encrypted key fail, you will have no way to retrieve your data.

[brwainer]

I can't edit my message from my iphone because it isn't saving, so I'm sorry for the doible post.

 

Just to give you an idea of how I'm using BTsync, here are my devices:

Personal/Gaming/Video Editing desktop

Work/Light Personal Desktop

Personal/Work Laptop

Local backup/NAS server

Remote backup/NAS server (at my grandparent's house >300 miles away)

here are the folders I currently have:

AV projects - any of the audio/video projects I'm working on, currently 10GB and 20,000 files; synced read-write on my two desktops and my laptop, and read-only on my two backup servers

Desktop Backgrounds - a 6GB folder of >4000 images that all my computers are set to use in slideshow mode; same syncing as the AV folder

Network Backups - this is the folder that all my computers back up to on the NAS, currently 150GB and several hundred thousand files; synced read-write on both servers - in the future I might split this into two folders, each of which is writable on one end only.

Plex Media - all the media for my plex server, 700GB and ~800 files; read-write on both servers

Personal NAS folders - each family member that wants one gets a personal folder on the NAS that is synced between the two servers, and their own computer(s) if they desire.

 

BTsync has an Archive feature that will keep deleted or changed files for by default 30 days. The setting is controlled on each device on a per-folder level. I disable it because I have my own backup strategies in place on each server - while BTsync is crucial to my backs (it's how data gets from one server to the other) it isn't actually my backups.

[Olotila]

Thank you brwainer, I can see I could use this to sync my photos from my phone to my computer, but I do not see how I could have unencrypted folder in my computer and have contents of that folder encrypted in NAS. If you explained that in there I'm sorry I missed it.

I have my important stuff in ZFS mirror unencrypted to maximize availability, but I do not want that to be the case in the NAS. So is it possible to have the data unencrypted in computer but encrypted in NAS?

[Lurick]

7 minutes ago, Olotila said:

Thank you brwainer, I can see I could use this to sync my photos from my phone to my computer, but I do not see how I could have unencrypted folder in my computer and have contents of that folder encrypted in NAS. If you explained that in there I'm sorry I missed it.

I have my important stuff in ZFS mirror unencrypted to maximize availability, but I do not want that to be the case in the NAS. So is it possible to have the data unencrypted in computer but encrypted in NAS?

Perhaps I missed it and I'm sorry if I did but does the data go to the NAS and then a process on the NAS encrypts the files or do you need them to be encrypted as they are transferred from the computer to the NAS?

[Olotila]

Preferably encrypted on my computer, so that they are encrypted in transit and in NAS. I think I found the encryption bit in BTsync, it has Encrypted folder in Add Folder-menu ... I'm gonna look into it.

[Lurick]

5 minutes ago, Olotila said:

Preferably encrypted on my computer, so that they are encrypted in transit and in NAS. I think I found the encryption bit in BTsync, it has Encrypted folder in Add Folder-menu ... I'm gonna look into it.

If they are already encrypted on the local machine you could also look at something like MirrorFolder, it's not free but it is pretty powerful.

[Olotila]

Sorry I was unclear, the process of encrypting should be done in my computer. Data is not in encrypted format in my computer.

[Olotila]

I am not sure if my NAS even supports BTsync, here are supported devices
http://help.getsync.com/hc/en-us/articles/206215185-Synology#dl

 

And here are architechtures
https://github.com/SynoCommunity/spksrc/wiki/Architecture-per-Synology-model

 

So my 212j has 88f6281 (88f628x) architechture, what ever that means, but it does not appear in above list.

 

... nvm, found it ...

[Olotila]

Now I have BTsync working but I do not have a permission to create encrypted folder in NAS. I have the gui working in http://192.168.xxx.xxx:8890/gui/, but the thing about users is confusing. What kind of users should I create? I do think I got same user in BTs and NAS, but stuff does not work. I even searched BING for help

 

[brwainer]

I did talk about how the encrypted folders work but I never talked about your particular NAS. That is because the extent of my knowledge of BTsync on NASs is that some can do it and some can't. I really can't offer any help in that regard.

 

All BTSync transmissions are encrypted before sending from whichever device has the new or updated data to sync to the other(s) (there is an option to disable encryption if the two devices are in the same subnet and can communicate directly, but it's off by default). So all an Encrypted folder does is simply store the data as it is received - it has no way to decrypt the data.

 

I see you at least got BTsync started on your NAS. You're going to have to look towards the support communities for your NAS and for BTSync for further help.

[Olotila]

Yeah, I got it. Thanks for pointing me to the right direction. This is exactly what I hoped, or maybe even better. I do not have to do anything and my data gets encrypted in my NAS while staying unencrypted on my desktop computer.