This article addresses the following problem: Assume you have some amount of data, let's say 20 GB, on your local machine at home, and you would like to synchronize this data with a remote server. You are a security-aware person and your local hard drive is encrypted. Therefore, it would make no sense to just upload this data unencrypted to an unencrypted remote server that you possibly don't even really trust. We suggest the following solution to this problem (assuming you work in a Win7 environment or something like that): Instead of the data itself, we will upload a TrueCrypt file container. Then we use Dokan to mount the remote drive as a local drive. The file container on this "local drive" is then mounted via TrueCrypt as a drive. Now you can use any local synchronization tool of your choice and dismount everything again. Using all these different programs can be simplified with AutoHotkey.
Step 1 (TrueCrypt):
Download and install TrueCrypt. Start the software and create a new standard file container that is big enough to hold all the data you want. In our test case we chose 20 GB. After the container is created, you have to initialize it. To that end, mount the container and copy all the data you want to sync onto it. After you have finished, dismount the container.
Step 2 (Dokan):
For this step you need access to the server you want to synchronize your data with. Preferably the server should support connections via SSH. Download and install Dokan. As a first step you have to install the Dokan Library, and after that, download and install Dokan SSHFS. This is the package we are actually looking for. After you have finished, start DokanSSHFS.exe and enter the address and login details of your server as well as a folder on the remote server and a drive letter. If everything works, you should see a new drive in your Windows Explorer that contains the content of the remote folder you entered. Upload the TrueCrypt file container to this drive. (This may take quite a while. If your container is very large you can do this with another program as well, maybe one that supports pausing or resuming transfers, for example WinSCP.)
Step 3 (again TrueCrypt):
After you have finished, you can mount the file container from your Dokan drive in TrueCrypt, just as if it were a local file container. By now we have reduced the problem to a local synchronization problem.
Step 4 (Synchronize):
Solve the local synchronization problem with any software you like. I had great success with the commercial product Super Flexible File Synchronizer. A canonical alternative would be Unison File Synchronizer. The initial synchronization of the latter takes so long that I was too impatient to try it, though.
Step 5 (AutoHotkey):
Let's define the above procedure of synchronizing two encrypted drives over an encrypted connection via TrueCrypt and Dokan as TrueSync. If you do this on a daily basis, this is quite a lot of work. You have to get Dokan running, mount the container, run the synchronization software etc. This can get quite annoying. You can drastically speed up this process using AutoHotkey. This is software that allows you to write scripts that automatically execute keystrokes and mouse clicks under certain conditions. Its documentation is a bit nasty. You can find two example scripts on my website: one for mounting after startup and one for dismounting before shutdown. Of course you have to adapt them to your local machine in terms of file paths etc. It should be noted that these scripts assume that you manage your passwords for Dokan and TrueCrypt with KeePass. As usual, it is not advisable to save them in plaintext in the scripts.
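As an added example (not one of the author's AutoHotkey scripts), here is the mount, synchronize and dismount sequence of steps 3 to 5 driven from Python with TrueCrypt's command-line options. It assumes the Dokan drive is already mounted; the paths, drive letters and the use of robocopy as a one-way stand-in for the synchronizer are assumptions.

```python
import os
import subprocess

# All paths and drive letters below are assumptions; adapt them to your machine.
TRUECRYPT = r"C:\Program Files\TrueCrypt\TrueCrypt.exe"
CONTAINER = r"S:\container.tc"   # container on the Dokan SSHFS drive (step 2)
VOLUME_LETTER = "T"              # drive letter for the mounted container
LOCAL_DATA = r"D:\data"          # local folder to synchronize


def mount_cmd():
    # /q: no main window, exit when done; /v: volume file; /l: drive letter.
    # No /p option is given, so TrueCrypt shows its own password prompt and
    # the password never appears in this file or on a command line.
    return [TRUECRYPT, "/q", "/v", CONTAINER, "/l", VOLUME_LETTER]


def dismount_cmd():
    # /d <letter>: dismount the volume mounted at that drive letter.
    return [TRUECRYPT, "/q", "/d", VOLUME_LETTER]


def sync_cmd():
    # Stand-in for the synchronizer of step 4: one-way copy, local -> container.
    return ["robocopy", LOCAL_DATA, VOLUME_LETTER + ":\\", "/E"]


def truesync(run=subprocess.call, exists=os.path.exists):
    """Mount, sync and always dismount. Returns True if the sync succeeded."""
    if not exists(CONTAINER):
        raise RuntimeError("Dokan drive not mounted or container missing")
    run(mount_cmd())
    if not exists(VOLUME_LETTER + ":\\"):
        raise RuntimeError("container was not mounted (wrong password?)")
    try:
        # robocopy exit codes below 8 mean success (1 = files were copied).
        return run(sync_cmd()) < 8
    finally:
        # Dismount even if the sync failed, so cached writes are flushed and
        # the decrypted volume is not left open after the script ends.
        run(dismount_cmd())


if __name__ == "__main__":
    print("sync ok" if truesync() else "sync FAILED")
```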
I have tried the above method for several weeks and it works quite well. One should stress that once the file container is on the server you can of course synchronize multiple clients with it using the same procedure. This provides a convenient way of keeping your data synchronized on, for instance, your machine at home, your machine at work and your notebook.
Since I do not consider myself an expert in cryptography and since this is my first tech article in this blag, please let me know if you think this is complete crap. I would in particular be interested in how secure you think this method is.