Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Encryption consistency issues with untrusted devices

See original GitHub issue

Description of the issue

I have set up three Syncthing instances: One running on my laptop (v1.16.1 on ArchLinux), one running on my Android smartphone (Syncthing-Fork v1.16.0.3 from Google Play) and another one on a server based on Syncthing’s Docker image.

The instance running on a server is marked as untrusted and I have set up passwords for all folders shared with it (for Syncthing-Fork I had to go through the Web-UI to do this). All folders are set up as “Receive Encrypted” on the server instance.

This worked successfully for a few hours, but recently I started getting the following message on the server instance:

Failure checking encryption consistency with device pixel5.DOMAIN for folder “Keepass” (keepass): folder is configured to be encrypted but not announced thus

Reproduction Steps

This might turn out to be difficult due to the fact that everything seems to work fine for a while until the encryption property is suddenly dropped.

Version Information

App Version: 1.16.0.3
Syncthing Version: v1.16.0 (app), v1.16.1 (Linux)
Android Version: Android 11
Device manufacturer: Google
Device model: Pixel 5

Device platform info

[ro.product.board]: [redfin]
[ro.product.brand]: [google]
[ro.product.build.date]: [Fri Apr  2 19:16:07 UTC 2021]
[ro.product.build.date.utc]: [1617390967]
[ro.product.build.fingerprint]: [google/redfin/redfin:11/RQ2A.210505.003/7255357:user/release-keys]
[ro.product.build.id]: [RQ2A.210505.003]
[ro.product.build.tags]: [release-keys]
[ro.product.build.type]: [user]
[ro.product.build.version.incremental]: [7255357]
[ro.product.build.version.release]: [11]
[ro.product.build.version.release_or_codename]: [11]
[ro.product.build.version.sdk]: [30]
[ro.product.cpu.abi]: [arm64-v8a]
[ro.product.cpu.abilist]: [arm64-v8a,armeabi-v7a,armeabi]
[ro.product.cpu.abilist32]: [armeabi-v7a,armeabi]
[ro.product.cpu.abilist64]: [arm64-v8a]
[ro.product.device]: [redfin]
[ro.product.first_api_level]: [30]
[ro.product.locale]: [en-US]
[ro.product.manufacturer]: [Google]
[ro.product.model]: [Pixel 5]
[ro.product.name]: [redfin]
[ro.product.odm.brand]: [google]
[ro.product.odm.device]: [redfin]
[ro.product.odm.manufacturer]: [Google]
[ro.product.odm.model]: [Pixel 5]
[ro.product.odm.name]: [redfin]
[ro.product.product.brand]: [google]
[ro.product.product.device]: [redfin]
[ro.product.product.manufacturer]: [Google]
[ro.product.product.model]: [Pixel 5]
[ro.product.product.name]: [redfin]
[ro.product.system.brand]: [google]
[ro.product.system.device]: [generic]
[ro.product.system.manufacturer]: [Google]
[ro.product.system.model]: [mainline]
[ro.product.system.name]: [mainline]
[ro.product.system_ext.brand]: [google]
[ro.product.system_ext.device]: [redfin]
[ro.product.system_ext.manufacturer]: [Google]
[ro.product.system_ext.model]: [Pixel 5]
[ro.product.system_ext.name]: [redfin]
[ro.product.vendor.brand]: [google]
[ro.product.vendor.device]: [redfin]
[ro.product.vendor.manufacturer]: [Google]
[ro.product.vendor.model]: [Pixel 5]
[ro.product.vendor.name]: [redfin]
[ro.product.vndk.version]: [30]

Android Log

Issue Analytics

State:
Created 2 years ago
Reactions:3
Comments:7 (5 by maintainers)

Top GitHub Comments

1reaction

Catfriend1commented, Sep 11, 2021

Thanks, seems like I need to still do this sometime when possible.

1reaction

nunesghcommented, Sep 11, 2021

Hi @Catfriend1!

I can confirm that changes to a folder using the Android UI instead of the Web UI is what causes all encrypted folders to have their passwords erased in Syncthing-Fork.

I have a configuration similar to the following one. Dotted lines are E2EE. All folders in safe devices have two E2EE shares with unsafe devices and one normal share with a safe device. Unsafe devices also share their encrypted folders between them.

I updated Folder 2 in Syncthing-Fork (ST-F) using the Android UI to add an Ignore Pattern to it. As a result, passwords for Folder 1 and Folder 2 were erased from ST-F and I had to re-add the passwords through the Web UI to restore E2EE sync with the unsafe devices.

Otherwise, the setup has been working as expected if no changes are made in ST-F through the Android UI.

Thank you for your attention.

Top Results From Across the Web

Issue setting up encrypted share (untrusted server) - Support

At server: Accept new share. The result is an error at the client: Failure checking encryption consistency with device my_untrusted_server for ...

Configuring SyncThing Untrusted (Encrypted) Devices

Open Source File Sync: Getting Started Tutorial With Syncthing on Windows ...

Encryption with Untrusted Keys: Security against Chosen ...

Abstract. In Public-Key Encryption, traditionally no security is expected if honest parties use keys provided by an adversary. In this work, we re-examine ......

Secured Data Consistency and Storage Way in Untrusted ...

Data access control has become a very challenging issue in public cloud storage systems. Nowadays CiphertextPolicy Attribute-Based Encryption ( ...

US10073981B2 - Controlling secure processing of confidential data ...

The number of transmissions may be controlled by receiving, from the untrusted device, an encrypted key value of a key and a representation...