You can use syncrypto to encrypt a folder to another folder which contains the corresponding encrypted content.
The most common scenario is:
syncrypto syncrypto plaintext folder A <-------------> encrypted folder B <-----------> plaintext folder C in machine X in cloud storage in machine Y
The files in encrypted folder B are encrypted, so you can store it in any unsafe environment, such as cloud service(Dropbox/OneDrive), USB storage or any other storage that you can not control.
Each plaintext file has a corresponding encrypted file in the encrypted folder, so if you modify one file in plaintext folder, there will be only one file modified in the encrypted folder after synchronization. This make sure the synchronization only changes the necessary content in encrypted folder, and is very useful for file based cloud storage service to synchronizing minimal contents.
The synchronization is two-way, files not only syncing from plain text folder to encrypted folder, but also syncing from encrypted folder to plain text folder. syncrypto will choose the newest file.
If conflict happens, syncrypto will rename the plaintext file(add ‘conflict’ word in it), and sync the encrypted file.
syncrypto never delete files, if files or folders should be deleted or over written by the syncing algorithm, syncrypto just move the files or folders to the trash, the trash in encrypted folder located at _syncrypto/trash, at .syncrypto/trash in plaintext folder. Files in encrypted folder’s trash are also encrypted. You can delete any files in trash in any time if you make sure the files in it are useless.
syncrypto supports both python 2 and python 3, and is tested in:
And support Linux, OS X, Windows operating systems
If you are using windows, just jump to next
Because syncrypto rely on cryptography , so need to install some dependencies before install syncrypto:
For Debian and Ubuntu, the following command will ensure that the required dependencies are installed:
sudo apt-get install build-essential libssl-dev libffi-dev python-dev
For Fedora and RHEL-derivatives, the following command will ensure that the required dependencies are installed:
sudo yum install gcc libffi-devel python-devel openssl-devel
For OS X, run:
After installing all dependencies, you can install syncrypto by pip :
pip install syncrypto
or update by:
pip install -U syncrypto
syncrypto [encrypted folder] [plaintext folder]
It will prompt you to input a password, if the encrypted folder is empty, the input password will be set to the encrypted folder, or it will be used to verify the password you set before (take it easy, syncrypto never store plaintext password)
If you don’t want input password in interactive mode, you can use –password-file option:
syncrypto [encrypted folder] [plaintext folder] --password-file [password file path]
The password file contains the password in it.
Notice that the first argument is encrypted folder, and the second one is plaintext folder.
Sometimes, it is unnecessary to encrypt and sync some files (for example, some temporary files), if you want ignore these files, you can add rule:
syncrypto [encrypted folder] [plaintext folder] --rule 'ignore: name match *.swp'
the command above ignores files which name matches *.swp
You can add rules multiple times:
syncrypto [encrypted folder] [plaintext folder] --rule 'include: name eq README.md' --rule 'ignore: name match *.md'
the command above ignores files matching “*.md” but includes files named “README.md”.
The rules are ordered, it means that the rules in front have higher priority than later, if a rule matches, the matching process will returned immediately.
You can add rules in a file looks like:
include: name eq README.md # ignore all markdown files, this is a comment ignore: name match *.md
and use the rules by “–rule-file” option:
syncrypto [encrypted folder] [plaintext folder] --rule-file [rule file path]
the default rule file path is “[plaintext folder]/.syncrypto/rules”, so you can add rules in “[plaintext folder]/.syncrypto/rules”, and don’t need specify the “–rule-file” option explicitly.
If you give some rules in command line, and write some rules in rule file at the same time, the rules in command line will have higher priority than rules in file.
The format of a rule:
[action]: [file attribute] [operand] [value]
action can be include, exclude, ignore
include means the file matching the rule will syncing, exclude means the file matching the rule will not syncing.
ignore equals exclude.
syncrypto supports a lot of file attributes while matching rules, the complete list is:
The unit of value in size rules are “byte” by default, you can also use “K”, “M” “G”, for example specify the value “2K” means 2048 bytes
The format of value in ctime, mtime is “%Y-%m-%d %H:%M:%S”
syncrypto --encrypt-file [plaintext file path]
This command will encrypt the plaintext file to its parent folder with the filename add a “encrypted” word
You can also specify the target encrypted file by –out-file option, such as:
syncrypto --encrypt-file [plaintext file path] --out-file [encrypted file path]
syncrypto --decrypt-file [encrypted file path]
This command will decrypt the encrypted file to current working directory
You can also specify the target plaintext file by –out-file option, such as:
syncrypto --decrypt-file [encrypted file path] --out-file [plaintext file path]
syncrypto --change-password [encrypted folder]
Change the password of the encrypted folder, this will re-encrypt all files within the encrypted folder
Apache License, Version 2.0