Anyone using DroidFS to Linux desktop sync (via Syncthing) successfully? Tips?

I want to set up (DroidFS cryfs) to (Fedora cryfs) via Syncthing but it is not working. Wondering if anyone here has made this work. I’m not finding answers on Github, Reddit, elsewhere so far.

Details:

I’ve installed cryfs on Fedora (1). I can set up a volume on DroidFS with cryfs, sync it via Syncthing and then open the volume on Fedora with SiriKali. However, after it makes the first return sync to GOS, and I try to open it in DroidFS, it fails: “Open failed. The configuration file cannot be loaded. Make sure the volume is accessible.”

If I make a cryfs volume on Fedora with SiriKali and sync back to GOS, I cannot add the volume to DroidFS because DroidFS only seems to create new volumes but will not add such pre-existing volumes.

I already know Cryptomator exists and is another encrypted sync option.

Here is a thread on this site RE gocryptfs.

(1) gocryptfs is no longer available in the Fedora repos and I don’t yet want to compile it.

Personally i don’t understand the point of creating encrypted volumes on modern smartphones when the storage is already encrypted and assuming you have put a strong pin.

I feel your setup is too extreme and suitable for people with much higher threat model.
Its good that project like droidfs exists but most could get away with just storing on normal storage space.

To answer this i don’t think it would be possible to sync encrypted volume of droidfs.

Though creating a encrypted volume on desktop may serve a purpose given the nature of device like someone could actually takeout the physical storage device easily or could bypass OS level storage encryption, but on mobile its highly unlikely.

1 Like

Looks like DroidFS cannot access those folders (volumes).
Make sure to give Files permission to DroidFS.
If you are using GOS and enabled StorageScopes then give access to those specific folders (volumes) to DroidFS by adding those folders to StorageScopes.

To the problem where you get error “Open failed” I recommend you to instead of using any frontend, directly open (mount) those encrypted and synced folders via command line and use them with any file manager.

Edit 1 -

3-4 years ago I moved from Cryptomator to gocryptfs and now cryfs (after DroidFS added support for cryfs).

Reasons for moving from Cryptomator -

  1. You need to pay again to unlock Dark theme on PC app after once paying for Android app.
    They call this “donation”.
    (I don’t know if things changed now.)
  2. Second issue for me was personal, the way I use my system, gocryptfs made much more sense.

Edit 2 -

Table comparing Cryptomator, gocryptfs, cryfs and many other projects
https://nuetzlich.net/gocryptfs/comparison/

Tbh, droidfs seems redundant considering fscrypt exists: fscrypt - ArchWiki

Probably the reason is some sort of plausible deniability, or volume with files that you can hide, but unlock main pin.

Just note though this will only fool the most casual of observers, if the encrypted files are found questions will be asked.

I got the feeling cryfs isn’t really all that maintained.

1 Like

How do you use fscrypt on Android?

By default that is the encryption used I believe (on devices that support encryption).

Maybe I should have made my question more clear: Can you decrypt and encrypt files on Android which have been encrypted with fscrypt on desktop Linux, since the OP wants to sync and en/decrypt files between Android and Linux?

I’m not sure. Maybe using something like Termux… but that seems overkill for this use case. Does the OP want to do:

  1. Send encrypted files to android phone that have to be manually decrypted
  2. Simply send files in a secure and private manner to android

If the latter, to my limited knowledge syncthing already completely encrypts the file meaning that noone but the phone and computer could see the file. If the OP want the former, then that might be more difficult given that there aren’t many applications that can encrypt/decrypt files for android (TO MY [limited] KNOWLEDGE). Maybe Turmux with one of PG’s recommended terminal encryption programs would be best.

Fair point. My use case doesn’t strictly need this as my phone and desktop are both encrypted. However, I like to try such these things for fun and interest. Eventually I couldn’t find a good tutorial which was suboptimal as such a setup could be useful for someone with a threat model requiring it.

1 Like

I was experimenting with #1. I agree that Syncthing already handles encryption in transit.

I hadn’t thought of a terminal on Android approach. Thanks.

1 Like

This was the problem. I hadn’t set up the storage scope for the DroidFS volume folder. Thank you.

So, it does work, I’ve completed several sync rounds now.

-create volume on Android with DroidFS with cryfs
-if using GOS, confirm storage scopes for that folder is enabled
-sync via syncthing
-mount that folder with SiriKali on Linux (Fedora in this instance)
-access it at the mount point which is /home/USER/.sirikali

1 Like