Encrypted file sync to Android (two way)

2-way encrypted file sync to Android

I have just spent many hours figuring out how to get my documents synced to an Android phone in an end-to-end encrypted way. Hopefully these notes will save you some time.

Initially I was using Nextcloud and its end-to-end encryption option. To put it mildly: it got stuck in many ways and consumed waaay too much of my time trying to make it work. In my opinion the plugin has a garbage level of reliability; considering the very bad user rating (negative feedback status on the NC app store), many users share this viewpoint. However, it was kind of working for a while for me. So if you only have a few files, with short filenames and small sizes, maybe this is the way to go.

What I tried that did not work

  1. Nextcloud end-to-end encryption

    Failed to work reliably. No need to describe all the issues (from file locking on the server to sync errors on the client).

  2. VeraCrypt containers on Nextcloud with EDS Lite

    Somehow I could not mount volumes created by EDS Lite on Linux with VeraCrypt, nor volumes created by VeraCrypt on Android (after sync). Maybe I was missing some settings, but to me it looks like the two are incompatible.

  3. LUKS containers on Nextcloud with EDS Lite

    Better than VeraCrypt: I could mount the container on both Linux and Android. However, Nextcloud does not implement sync of only the changed parts of files. Dealbreaker.

Final success

  1. EncFS on Nextcloud

    Finally works. One way only, as the Nextcloud Android client will not automatically add new files that appear inside its folders to Nextcloud. This is the most annoying part. Essentially files are read-only on Android, but with the added benefit that only partial sync is possible (I disabled filename encryption). A possible hack to upload files from Android would be to first create a file with the same name and then replace its contents.

This sort of works for me.

To get encfs mounted on Linux automatically on boot, one has to create a wrapper script, like:

#!/bin/bash

# Feed the password to encfs on stdin; "$@" holds the arguments
# supplied when the fstab entry is mounted.
echo "<your password>" | sudo -u <username> encfs --stdinpass "$@"

and name it /usr/bin/mount-encfs-nextcloud. Then one can mount the volume automatically by adding the following line to /etc/fstab:

mount-encfs-nextcloud#<path_to NC folder>.encfs <path to mount point> fuse  defaults 0 0

My aim was to sync the files with the files being encrypted on the NC server. This accomplishes the task, although the PW is now in cleartext on my disk.
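
A variant of the wrapper that narrows the cleartext-password exposure noted above, as an added example that is not part of the original notes: the passphrase moves out of the script into a separate file, and the wrapper refuses to mount unless that file is private. The path /etc/encfs-nextcloud.pass and the names PWFILE, RUN_AS, pwfile_is_private and mount_encfs are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not from the original notes): same wrapper, but the passphrase
# lives in a separate file instead of inside the script.
# PWFILE and RUN_AS are assumed names; <username> is the post's placeholder.
PWFILE="${PWFILE:-/etc/encfs-nextcloud.pass}"
RUN_AS="${RUN_AS:-<username>}"

# Succeeds only if the file is a regular file (not a symlink), is owned by
# the user running this script (root at boot), and grants nothing to group
# or others. Uses GNU stat, as found on Linux.
pwfile_is_private() {
    local f="$1" mode
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    # Leading 0 makes the shell read the mode as octal; mask group/other bits.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

mount_encfs() {
    if ! pwfile_is_private "$PWFILE"; then
        echo "refusing to mount: $PWFILE is missing or not private" >&2
        return 1
    fi
    # The file is opened here and handed to encfs as stdin, so the passphrase
    # never appears in a command line or in the environment.
    sudo -u "$RUN_AS" encfs --stdinpass "$@" < "$PWFILE"
}

# Only mount when arguments are supplied (as happens when the fstab entry
# is mounted); with no arguments the script does nothing.
if [ "$#" -gt 0 ]; then
    mount_encfs "$@"
fi
```

The passphrase is still stored unencrypted on disk; this only limits who can read it, whereas a script in /usr/bin is normally readable by every local user. The password file should hold the passphrase on a single line and be created with mode 600.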