Feature request: Encrypted configuration file instead of registry use

Open Freeedim opened this issue 7 years ago • 2 comments

I understand CryptSync is not meant to carry out local protection. But as is, CryptSync actually defeats some basic local protection strategies meant to prevent access to the decrypted folder (in case the computer is stolen, infected or otherwise accessed). For example:

  1. If we want to enclose the original folder (and possibly the encrypted one too) in an encrypted container (like VeraCrypt);
  2. If we want to have the original and/or encrypted folder on a removable drive.

In both cases, the attacker just has to open CryptSync or the registry, see the paths and re-create them so that the cloud synchronises again and the decrypted data too (without even knowing the password).

I think the solution could consist in 3 elements:

  • When creating a new pair, a new free-text field asking for a label (i.e. a name) for the created pair
  • A configuration file instead of the Registry. It could be a CSV file with columns like: "ID,label,encrypted_original_path,encrypted_encrypt_path,password_hash,salt"; I think the 2 paths should be encrypted with the password provided by the user for the encryption.
  • The panel displaying all the pairs in the GUI replaced by a panel displaying only labels. If the user wants to see the paths (or otherwise edit the pair), they must click on the label and enter the password first.

The location of the configuration file might even be configurable (for convenience, since I don't see any reason related to security to do that).

Freeedim, Dec 04 '18 19:12
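A sketch of the configuration record proposed in the issue above, added here as an example; it is not CryptSync code and not part of the original post. The function names are hypothetical, and because it uses only the Python standard library, an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for a standard AEAD such as AES-GCM. The `password_hash` column is left out as an assumption of this sketch, since the MAC check already rejects a wrong password.

```python
import csv, hashlib, hmac, io, os

FIELDS = ["ID", "label", "encrypted_original_path", "encrypted_encrypt_path", "salt"]

def derive_keys(password, salt):
    # One PBKDF2 run per pair, split into independent encryption and MAC keys.
    k = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, 210_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher (assumption).
    pad = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(keys, context, path):
    # Encrypt-then-MAC; the tag also covers ID, label and column (context).
    nonce = os.urandom(16)
    ct = _xor_stream(keys[0], nonce, path.encode("utf-8"))
    tag = hmac.new(keys[1], context.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(keys, context, blob_hex):
    blob = bytes.fromhex(blob_hex)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(keys[1], context.encode() + b"\0" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong password or modified record")
    return _xor_stream(keys[0], nonce, ct).decode("utf-8")

def make_row(pair_id, label, original, encrypted, password):
    salt = os.urandom(16)  # fresh salt per pair
    keys = derive_keys(password, salt)
    ctx = f"{pair_id}|{label}|"
    return {"ID": pair_id, "label": label, "salt": salt.hex(),
            "encrypted_original_path": seal(keys, ctx + "orig", original),
            "encrypted_encrypt_path": seal(keys, ctx + "enc", encrypted)}

def open_row(row, password):
    # Called only after the user clicks a label and enters the password.
    keys = derive_keys(password, bytes.fromhex(row["salt"]))
    ctx = f"{row['ID']}|{row['label']}|"
    return (unseal(keys, ctx + "orig", row["encrypted_original_path"]),
            unseal(keys, ctx + "enc", row["encrypted_encrypt_path"]))

def to_csv(rows):
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS)
    w.writeheader(); w.writerows(rows)
    return buf.getvalue()
```

Only the label is readable in the resulting file; binding the ID and label into the tag means a row whose label was edited, or whose path blobs were swapped in from another row, fails to open.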

Keeping the password in the registry is a red flag not to use the app further, alas.

sergeevabc, Mar 10 '21 22:03

@sergeevabc just FYI: while the data is stored in the registry, the passwords are stored there encrypted.

stefankueng, Mar 11 '21 16:03