Customer encryption keys for cloud storage

sanferno
Posts: 4
Joined: Thu Apr 09, 2020 5:34 pm

Customer encryption keys for cloud storage

Post by sanferno »

Hi,

I would like to ask whether it would be possible to implement customer encryption for Google Cloud Storage, Microsoft Azure Storage and S3. Without knowing the details of how the uploads are performed internally by Syncovery, from a CLI point of view it consists of adding an extra encryption key as another parameter. Here are some references to documentation:

GCP: https://cloud.google.com/storage/docs/e ... yption_key
Azure: https://docs.microsoft.com/en-us/azure/ ... ys-preview
S3: https://docs.aws.amazon.com/AmazonS3/la ... rKeys.html

Will it be difficult to implement? In case it would be possible, how long will it take?

I'm a new customer and I love the software so far, but I'm not using it for cloud storage for this reason. I could give more details and reasons to use those keys, but I guess this is just a good way to start :)

Kind regards.

tobias
Posts: 320
Joined: Tue Mar 31, 2020 7:37 pm

Re: Customer encryption keys for cloud storage

Post by tobias »

Hello,
many thanks, that's very interesting! I will surely implement it. I just have to finish and release Syncovery 9 first.

Just so everybody is aware of it, Syncovery can do the same AES-256 encryption itself without using these cloud features. That way, the encryption is done before the data is sent over the Internet. Most customers actually prefer that, rather than trusting the cloud service to receive unencrypted data and then encrypt it.

There are two container types to choose from for AES encryption: zip and Sz.

The zip format is a standardized format for compressed and encrypted files. These files can be decrypted with many other tools. The disadvantage is that local temporary files are necessary (a local zip file is created, then uploaded, and then deleted from the temp folder).

The Sz format is proprietary and can only be unpacked by Syncovery itself at this time. The advantage is that it features more advanced compression algorithms, such as Ultrafast (which uses almost no CPU). It also does not need temporary files on disk - the encryption and compression are streamed directly from the source file to the Internet. Even though only Syncovery can unpack these files, I don't see any risk that in 10 or even 20 years from now you would not be able to do it. Syncovery will still exist, and even old Syncovery versions will run on new Windows versions for many, many years in the future. Syncovery also does not depend on any of our Internet servers for activation. I do plan to release a free command line tool or simple archiving tool with a GUI some time, to provide another way to access Sz files.

sanferno
Posts: 4
Joined: Thu Apr 09, 2020 5:34 pm

Re: Customer encryption keys for cloud storage

Post by sanferno »

Thanks for the time you took to explain the different options. I find the one on the Sz format especially interesting, as I was concerned about its future compatibility, being a proprietary format only used by Syncovery.

So far I use CLI tools provided by Google, Microsoft or AWS to manage my backups in the cloud, as I see them as a long-lasting solution for data storage that, in theory, should last longer as they are the foundation of their storage services. They also seem to integrate better with lifecycle management BUT they incur charges when comparing local with cloud files (read operations). In this sense, Syncovery is way better, as it keeps a local database that not only avoids incurring those charges but is also way quicker at knowing which files are going to be backed up. At the same time, Syncovery gives you the option to check beforehand which files are going to be copied/deleted, allowing you to prevent unwanted deletions and have better control of the backup process. On the other hand, using ZIP and SZ adds a unique code to the name of each file that affects the way lifecycle rules work.

Using Syncovery and the customer encryption keys these companies offer, I would be getting the best of both worlds. As I said in my previous message, without knowing the ins and outs of how Syncovery copies data to GCS, Azure or AWS, this encryption is just one more parameter in CLI tools. I'm not rushing you of course, just suggesting it would be a nice addition and maybe not consuming much of your time.

I hope you find it useful. Thank
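The "one more parameter" discussed in this thread becomes, at the REST level, a small set of per-request headers carrying the key and a digest of it. The sketch below is an added example, not part of the thread and not Syncovery code; the header names are taken from each provider's public REST documentation (an assumption here, since the thread does not list them), and `customer_key_headers` and `redact` are hypothetical helper names.

```python
import base64
import hashlib
import secrets

KEY_LEN = 32  # all three services expect a 256-bit AES key


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def customer_key_headers(provider: str, key: bytes) -> dict:
    """Headers that carry a customer-supplied key on a single request.

    Header names are assumed from the providers' public REST docs.
    """
    if len(key) != KEY_LEN:
        raise ValueError("customer-supplied key must be exactly 32 bytes")
    sha256 = _b64(hashlib.sha256(key).digest())
    if provider == "s3":  # S3 verifies the key with an MD5 digest
        return {
            "x-amz-server-side-encryption-customer-algorithm": "AES256",
            "x-amz-server-side-encryption-customer-key": _b64(key),
            "x-amz-server-side-encryption-customer-key-MD5":
                _b64(hashlib.md5(key).digest()),
        }
    if provider == "gcs":
        return {
            "x-goog-encryption-algorithm": "AES256",
            "x-goog-encryption-key": _b64(key),
            "x-goog-encryption-key-sha256": sha256,
        }
    if provider == "azure":
        return {
            "x-ms-encryption-algorithm": "AES256",
            "x-ms-encryption-key": _b64(key),
            "x-ms-encryption-key-sha256": sha256,
        }
    raise ValueError(f"unknown provider: {provider}")


def redact(headers: dict) -> dict:
    """Copy that is safe to log: the key is masked, its digest is kept."""
    return {k: ("<redacted>" if k.lower().endswith("-key") else v)
            for k, v in headers.items()}


if __name__ == "__main__":
    key = secrets.token_bytes(KEY_LEN)  # constructed sample key
    for name in ("s3", "gcs", "azure"):
        print(name, redact(customer_key_headers(name, key)))
```

With customer-supplied keys the service does not retain the key, so the same headers have to accompany every later read of the object, and a lost key means the object cannot be decrypted. The key travels in the request itself, which is why these requests must go over TLS and why the raw headers should never reach logs.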
