access/mount encrypted libraries/files via script #1920
Comments
Encrypted libraries can only be accessed securely using the clients. This is a technical limitation.

So WebDAV also doesn't support encrypted libraries? FUSE, WebDAV etc. can also be seen as a client...

No.
For secure encryption the key should never be on the server. Thus the client needs to be an application that supports the decryption. FUSE, WebDAV and everything like that only runs on the server itself, thus the server would need the key and the client-side encryption would be broken. If server-side encryption is what you want, then just use dm-crypt / LUKS.
Whether it's read-only or not is not the point here.

So WebDAV only works on the Seafile server itself and is not possible to access it over network? According to the manual, encryption does not encrypt metadata - so folder listing etc. should be possible, files can then be transferred to the client and be extracted there... Should also work with stuff like WebDAV, FUSE, ...

Please close the issue, go to the forum and discuss it there. WebDAV is a protocol. So someone defined how it works and the protocol does not include client-side encryption. Of course one can access WebDAV over network, but it can only work with unencrypted libraries, and if it would work with encrypted libraries the server would have to know the keys or the client would have to know how to process the data - in that case one would not talk about WebDAV anymore.

Why would one not talk about WebDAV anymore when there are encrypted files served? WebDAV does not need to know the content of the files!

This would break WebDAV. Of course the encrypted files can be served via WebDAV (and even that would not be trivial), but that's basically how the clients currently work (the only difference is they receive the data accessing an API using HTTP). The reason why WebDAV is there is that it is a protocol many applications are able to use.

Would still be great if you can mount your encrypted folder via WebDAV and then be able to use a simple script to decrypt your data... Further, do you know if someone is working on a FUSE client which works over network?

I've not heard of something like that, so very unlikely.
You can just rsync the data from your server to somewhere else. I doubt there are other users requesting something like this and using a simple script would not be possible (because the task is not simple).

But then I do have to parse metadata myself?

If you need it, yes. If the target is to have encrypted files with their proper name on the disk, then you won't reach it. Seafile stores data in blocks and these blocks are encrypted.

That's why I hoped to find some component which does this meta file handling for me... Can I use encrypted files in combination with the WebAPI? Are there Python/Javascript bindings to easily use the WebAPI with encrypted files?

Why does my Python script on another server care about the folder structure of the actual Seafile server? What I would like to see?

This one is the correct link: https://github.com/haiwen/seafile-server/blob/master/python/seaserv/api.py

How to use it? Where do I for example specify the domain, port etc. of my server? I hoped to find something similar to the documentation of Dropbox Python SDK...

The Python API at https://manual.seafile.com/develop/python_api.html is to be called locally.

What about haiwen/python-seafile? At least I found some low level examples on Python usage of the web API, but far away from an SDK... Further, how is encryption handled in WebAPI?

These are things I don't know.
It is possible to let the server do it, but one can also download the blocks manually (as the client does) and decrypt them locally. In this PR client-side encryption was implemented for Android. haiwen/seadroid#487

I asked directly in this repository haiwen/python-seafile#4...
Is there any documentation on how to retrieve the blocks? The WebAPI does not seem to have this feature...

Having a look at https://github.com/haiwen/seadroid/pull/487/files#diff-1f8624957cfcb752ae968c887aad3583R483 it looks like documentation is missing.

With no documentation it is hard for me to contribute anything... Seems like encryption is in a very early state and not yet really usable. Probably, I just have to wait some more years for Seafile to be ready for it...

I decided to do pull backup (instead of push ones) for security reasons. This means my backup server has access to Seafile to pull the data, my Seafile server does not have access to my backup server. This way my backup is still safe even if my Seafile server is compromised.
Further, I want to combine this with the encrypted user data extension so that user data is still safe even if my Seafile server is compromised.
Meeting these goals would also allow me to use hosted (untrusted) Seafile providers.
First, I thought about FUSE (read-only is fine), but then noticed that the current implementation can neither access encrypted data, nor can be used on a remote server...
So am I stuck with using a (slow) WebDAV connection to access my encrypted Seafile shares?