8 mins read

How to encrypt your files in the cloud using Rclone

Rclone is a wonderful tool. It is a simple script that allows you to manage your files across various cloud storage providers without any hassle. It has an intuitive command-line interface and a powerful set of features that, among other things, allow you to migrate data from one cloud remote to another, combine multiple cloud remotes with each other, and encrypt and decrypt data seamlessly. transparent. This article focuses on the last point.

Crypt is a feature of rclone that encrypts your files while they are uploaded and also decrypts them when they are downloaded. This means that the actual files that are stored in the cloud are encrypted and scrambled. It allows you to use your cloud provider as a storage service without the need to trust that they are not watching what you are uploading.

Crypt is also simple and transparent to set up, making it easy for someone with no technical crypto experience to create their own encrypted remote.

How does it work?

A crypto remote works by using a different remote and wrapping it around. Crypt, therefore, behaves as a layer that filters and modifies the data that passes through it. Before the data reaches the cloud remote, it has already been filtered and encrypted by the encryption function.

This layered approach also provides the greatest amount of flexibility when it comes to multiple remotes.

We can, for example, combine multiple remotes into a single one using rclone’s union function, then add it to a crypt remote. All data that is uploaded via the remote is encrypted and distributed across the various cloud remotes you have.

Rclone Crypt Settings

If you find those features appealing, setting up an encrypted remote is relatively simple. However, this guide assumes that you have already created your own unencrypted rclone remote. You can read our introductory guide here.

Once you have your own rclone remote, start by typing:

This will take us to the rclone configuration menu. We will create a new command by pressing N.

Rclone will ask us for the name of the command we want to configure. For this exercise, I’m going to name the remote “crypt.”

The next option will ask us for the type of command we want to configure. Type “crypt” to create the remote as a crypt.

After that, rclone will ask you for the location of the remote you want the crypt to fit on. Make sure the path points to a particular directory on the remote rather than the entire remote.

In my case, I have already created a folder called “SamaGame” on my gdrive remote. To use it, I typed gdrive:/SamaGame in the settings.

While it is possible to configure the entire remote as encrypted, doing so could create some problems with the encryption and decryption process.

Cloud storage providers may not be able to handle having an encrypted root folder. Additionally, anything uploaded outside of rclone crypt will not be encrypted and could introduce some issues with the way the encryption feature handles files.

Encryption settings

The next step will ask you for the type of filename encryption we want for our remote.

  • Standard allows full filename encryption, which will hide the file type of the files we have uploaded.
  • Obfuscate it simply “rotates” the file names. It is a simple but weak type of encryption.
  • Off will not obfuscate any filenames.

From there, rclone will ask if we want to encrypt the directory names. If you choose 1, all folder names on the remote will be encrypted. Choosing 2 won’t do it.

For the next steps, rclone will ask if we want to create our own password or let rclone generate it for us.

In my case, I will type my own password.

After that, rclone will ask us if we want to add a second password to further randomize our encryption key.

In my case, I added a second password.

Please note that these are our keys to our data. You should have a copy of these two passwords somewhere safe. Anyone who has a copy of these two passwords will be able to recreate your rclone configuration and decrypt the data on your crypt remote.

Additional settings

For the next step, rclone will ask us if we want to enter the advanced configuration menu. For the most part, we don’t need to change any of those settings.

However, if you are setting up different encryption remotes to interact with each other or if for some reason you don’t want to encrypt the data itself, you can change that setting here.

Lastly, rclone will ask us to confirm our configuration for crypto remote control. Press Y and Enter if you are happy with the current settings.

After that, rclone will now show your remote crypt. In my case it is called a crypt with the type Crypt.

Test Your New Crypt Remote

Once this is done, you can use your new crypt remote to transfer files. Do this by typing this command:

rclone -v copy /your/local/file/here/ remotename:/the/remote/location/

In my case, I copied a small file from my machine to my remote crypt. I checked if the file was copied correctly by listing the contents of the remote:

If you looked at the remote anywhere other than rclone, the file will appear with an unreadable name. For example, when I viewed my newly copied file on the Google Drive website, it showed that the uploaded file name was “nf1kktmpf95lg527ddci7s3m90.”

Congratulations! You have now made your own encrypted cloud backup. Now you can use this alone. Or, if the idea of ​​layering got you thinking about creative storage solutions, read more about cheap cloud storage providers you can use with rclone.

Frequent questions

1. Is Rclone Crypt securely encrypted?

Yes. Rclone uses XSalsa20 encryption to encrypt file content and names. It is a relatively strong encryption that consumes few system resources. The content of encrypted files is also constantly verified using Poly1305, which is a very strong encryption algorithm.

2. How would I access my files if I lost my computer?

The great thing about this process is that as long as you have taken note of both of your passwords, you can always access your data from anywhere. All you need to have is a machine that can connect to the internet and rclone.

3. Is it possible to change my password once I have set it?

No. Encryption largely depends on the password you have set. Changing the password would mean that the encryption key of the crypt would change. Therefore, any previously encrypted files will be inaccessible to you.

The way to use a new password is to create a new crypt with the new password, then decrypt the files in the old crypt and move them to the new crypt. Lastly, delete the old crypt.

Store files in the cloud fully protected using Sync

Intranet in the Cloud as an alternative to cloud storage for companies

The Meta Quest 3 will have access to Xbox Cloud Gaming cloud games

Valve ventures into cloud gaming with Steam Cloud Play

G Suite: How to quickly filter files with Google Drive Search and Cloud Search

How to set up cloud sync on Android using MobiDB

How to set up private cloud storage using a Windows 10 FTP site

Upload your printer to the cloud with your Synology NAS

How to configure your printer for Google Cloud Print

How to sync data from your Synology NAS with the Cloud