rcloneExplorer icon indicating copy to clipboard operation
rcloneExplorer copied to clipboard

Published 20 hours ago verified publisher icon patrykcoding

Ask for PW of rclone configuration

Open allanb2 opened this issue 7 years ago • 4 comments
trafficstars

Testing an encrypted Google Drive remote, using v1.42-DEV on LineageOS.

Created a Google Drive remote and the encrypted it with rclone browser on Linux. rclone config file on Linux was password protected.

Imported config file from Linux. Can access encrypted GDrive fine, but rclone explorer does not ask for Config password.

Shouldn't rclone explorer ask for Config password at every startup/sleep in order to protect the encrypted Google Drive?

BTW, Thanks so much for this app.

allanb2 avatar Jul 23 '18 22:07 allanb2

When you import an encrypted config file, it is saved to app's private data folder and then decrypted. So the decrypted config file can't be viewed by any other app. In the future I am planning on adding password protection feature to the app so that password would be required on startup, independent of config password.

patrykcoding avatar Jul 24 '18 21:07 patrykcoding

OK thanks for the quick response.

I guess my main concern is that the config file is stored unencrypted, which leaves the rclone-crypt remote information easily accessible. If someone had access to my unlocked phone for 5 minutes, they could easily export the rclone-explorer config and transfer it out to another device. Run rclone on that second device and they have complete access to my rclone-crypt remote.

In the meantime, I'll just export the config; edit it to change a few characters of the rclone-crypt password information and import the bad config. If I need access to the rclone-crypt remote, I can reverse the changes and get access again.

allanb2 avatar Jul 24 '18 22:07 allanb2

Whole-app password protection is at the top of my todo list. I just don't have as much time as I used to.

In the meantime, there are apps on the Play Store that can lock access to specific apps. It might be more convenient than having two config remotes.

Also, if you do decide on having a "fake" config file, you don't need to edit it. You could just delete the crypt remote straight from the app (from the Remotes screen press the three dots next to a remote and press delete). And then just import the encrypted config file whenever you need your crypt remote.

patrykcoding avatar Jul 24 '18 23:07 patrykcoding

Ahh, good idea. I keep forgetting that Delete Remote just deletes the entry from the configuration file, not the actual rclone-crypt remote itself.

Thanks and I look forward to when you can implement whole-app password protection.

allanb2 avatar Jul 25 '18 19:07 allanb2