What's new
PGBlitz.com

Register Now! Find useful tips, Interact /w Community Members and join the part the Best Community on the Internet!

Discussion Encrypted drive access from multiple computers, or restoral (solution and question)

timekills

Blitz Samurai
Staff
Donor
This might be obvious, but if you want to access your encrypted files from more than one location, or you have to re-create your PMS and want to access the encrypted files again you need to use the same rclone.conf file.

Problem: Entering the same password and salt password on a new computer (either a second computer to access the share, or if you have to re-create the share because you reimaged your computer) does NOT seem to allow access to the encrypted share.

I tried entering the same password and salt when creating the encrypted share that I had used previously. I am certain they were correct. However, the new share did not see the old files.

When I copied and pasted the "password" and "password2" from the old rclone.conf file (the one that created the encrypted share initially) to the new computer's rclone.conf file it worked perfectly.

Unless I did something wrong, it appears that it is EXTREMELY IMPORTANT that you make a copy of (at least the encrypted share portion) rclone.conf for restoral later or use on another location.

Example rclone.conf file for the encrypted share (not the actual password texts - example using "password")

Bash:
[gcrypt]
type = crypt
remote = gdrive:/encrypt
filename_encryption = standard
directory_name_encryption = true
password = 0qzNah0Ltq8bAJYSOeXd7QvnCXA0Hae6
password2 = V_XFG29x7FawI17vPrHytVGXBhhFoZT5r
Let's say I used "password" for the password and the salt (password 2 that encrypts the password when creating the encrypted rclone share.)
When I tried to create an encrypted rclone share for the same location on a different computer, I again used "password" for the password and salt. But the encrypted password and password2 in the rclone.conf file were different than the original one, and the new computer could not see any of the files.

Solution: When I edited the rclone.conf file on the new computer and just copy/pasted the password and password2 from the original computer (the one that created the encrypted share originally) it worked fine.

Question: Is this actually the only way to access an rclone encrypted share from another location or if you have to restore the share? That means if the original computer has a problem and the rclone.conf file is changed (or the computer is reimaged for example) that you're screwed if you don't have a copy of the rclone.conf file.
 
Last edited:

Admin9705

Administrator
Project Manager
Ya so the picture I demoed worked across two computers. One was local and one was remote. Remember that the password u see in the config is almost like a hash. Use rclone reveal long code and it will show you what you originally put in. I performed the check this morning.
 

timekills

Blitz Samurai
Staff
Donor
BLUF: Tracking the rclone reveal (and rclone obscure) commands. If I understand you correctly, you're saying I should be able to enter the same (plaintext) password and salt into the new share and it will be able to read the files encrypted by the other computer. Because I did that - and it didn't work.

I checked "rclone reveal 0qzNah0Ltq8bAJYSOeXd7QvnCXA0Hae6" (staying with my example above) on the original computer and it spit out the password that I used on the second computer.

The problem is, when I tried to set up a connection to the encrypted share on a different computer and it asks me for the password and I entered it (in plaintext), after it created the encrypted share it didn't show or could access any of the files encrypted by the first computer.

I'm going to assume I somehow fat-fingered the password all four times (twice for the password and twice again for the salt.)


Aside: I realize it doesn't matter that the hashed password isn't the same on the new computer. The obscured password will be different each time you do it (try "rclone obscure password" a few times and you'll get a different hash each time. But if you run "rclone reveal (hash)" it will spit out "password" So the fact that the hash is different shouldn't matter.)
 

skijbal

Blitz 1st Class
I’m having the same issue. I am using the same passwords and can’t access the encrypted folder/files.

This worked fine under 7.4.11.
 

hooper

Blitz Legioner
Staff
Donor
First, make sure you are using 7.4.12. I am going to assume you are using PGMove with encryption.

So, assuming using PGmove with encryption - start plexguide and select option2 'PG Clone: Mount Transport'. Select 'OAuth and Mounts' and use the 3rd option to set your password/salt (under Required Tasks). Make sure you type just your original password (not the obfuscated/hashed one you see in rclone.conf). You need to do this for both the password and password salt. No spaces or any additional characters.

You now need to re-do your gdrive configuration using option 4 under 'Rclone Configuration''. PG will tell you that gdrive already exists and that it must delete the prior configuration. This is important that it does this.

After that, select option 4 to deploy your configuration. ONce complete change to /mnt/gcrypt and see if your data is there.

The steps for PGBlitz with encryption are mostly the same, although you will need to reconfigure the tdrive (like I do with gdrive) and then remove and regenerate keys using the Key Management section. Once those additional steps are done you then do the deploy.

You can check your passwords by copying the password hash from your .config/rclone.conf file and appending it to rclone reveal command. if you the output matches your original password, you are good to go. Do this for all the hashes you see in rclone.conf to be sure you got it right.
 
Last edited:

hooper

Blitz Legioner
Staff
Donor
Here is an example using rclone reveal showing the correct password for my system:

1544565823074.png
Here is an example showing a bad password. Notice the additional CR/LF? that was the problem.

1544565693632.png

The actual text of the password is correct, however the additional CR/LF characters prepended to the password (or whatever caused that blank line) made it different which changed how the data was decrypted (or not decrypted in my case) resulting in it not showing up.
 

timekills

Blitz Samurai
Staff
Donor
Just FYI, it's not the Plexguide encrypted drive machine that has the issue. It's another box that has files that I'm uploading to the encrypted drive. Also it's a PG Blitz box, but that's moot.

This issue (probably) has nothing to do with Plexguide; it's just rclone configs. There is an issue on Git tracking the same problem but I don't recall which version of rclone it affects. I thought it was an older version than the one we're using but I can't check just now.

I got it to work by copying and pasting the obscured passwords. No matter what I did, whenever I entered the passwords in plain text it would not access the already encrypted files.

That's quite an easy fix - as long as you have your rclone.conf file available.
 

Admin9705

Administrator
Project Manager
Ya this is using rclone 1.44 and works fine :D but hey, good to know. what i may do is when it displays the passwords, it displays also the rclone reveal so it shows a match back to the user on input and rclone's reveal.
 

timekills

Blitz Samurai
Staff
Donor
I'm clearly doing something wrong here.
I wiped my old test server and set up the encrypted move test using the same client ID, client secret, password and SALT PW.
Even checked them using the OLD passwords and "rclone reveal" to copy and paste the password

When the new gcrypt directories are made, there are now eight (8) folders in the encrypt folder. The old movies, tv, music, and plexguide folders, and the NEW movies, tv, music, and plexguide folders.

The movies I had previously encrypted are all still in the old encrypt/movies folder (of course the names are obfuscated, but I know they're there because you can see the folder and file sizes.)

When I add a new file to the encrypted movie folder, it gets encrypted and added to the new folder.
I can't read or access any of the old folders - even though I used THE SAME client ID, client secret, password and SALT PW.

Even the other way of editing the rclone.conf with the old password and password 2 isn't working.

If someone has actually re-created the drive connection and can access their old encrypted files, please tell me what I'm doing wrong.

Thanks!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads


Development Donations

 

Top NZB NewsGroups!

Members - Up To a 58% Discount!

Trending

Top