Managing Encrypted files on Amazon Cloud Drive

I have implemented a file system on Amazon Cloud Drive for a lot of media with the great acd_cli.  To protect my privacy, I have run this through an encryption layer encfs.  My writeup will follow.

A problem I was trying to solve, though, is how to manage (rename and delete) files once they’re all scrambled up and I can’t discover even the path and filenames.

Ideally this would be seamless: delete a local file stub and it traces back to the encrypted remote file.  It doesn’t quite work that way, but I discovered how to do this on my Linux host.

Once I realized that the filesystem for encfs has the same inode numbers for the encrypted and decrypted files, I had a clue.  First, let’s find out what that file number is:

$ ls -li cloud.plaintext/subfolder/filename.ext

149 -rwxrwx--- 1 jonathan plex 597979891 Dec 27 05:14 cloud.plaintext/subfolder/filename.ext

149 is the part we want.  Inode numbers are unique per partition/filesystem, and seem to persist between the encfs pairs.  Now, to find a file in the encrypted path system with inode 149… find to the rescue!

$ find cloud.encrypted -inum 149

cloud.encrypted/(encrypted subdirectory name)/(encrypted filename)

I won’t even try to copy/obfuscate the number above.  Try it if you want to see it.  It would be almost impossible to track that file without the number.  With size and date alone it is much harder to nail down the exact file.

So, to stitch these two together first you want the inode number only:

$ ls -li cloud.plaintext/subfolder/filename.ext | cut -f1 -d' '

149

Now this is something we can use in a delicious Linux command chain.

$ find cloud.encrypted -inum $(ls -li cloud.plaintext/subfolder/filename.ext | cut -f1 -d' ')

cloud.encrypted/(encrypted subdirectory name)/(encrypted filename)

This is easy enough to make into a little bash script, and allow passing arguments and quoting to protect against embedded spaces, as well as including the explicit Amazon Cloud Drive working area:

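#!/bin/sh
# Argument: path below cloud.plaintext, with a leading slash (e.g. "/subfolder/filename.ext")
ACD_LOCAL=/usr/local/var/Amazon-Cloud-Drive/

# Read the plaintext file's inode, then find the encrypted file with the same inode.
# Every expansion is quoted so that embedded spaces survive.
find "${ACD_LOCAL}cloud.encrypted" -inum "$(ls -li "${ACD_LOCAL}cloud.plaintext${1}" | cut -f1 -d' ')"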

Works great for specific files, not so much for directories.  You would have to change the ls command to use a -ldi parameter just for those cases.

Now that we have the filename, we can manually delete that filename on Amazon, either through the web interface or using acd_cli’s command line trash argument.
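The lookup above as a reusable shell function, added here as an example and not the author's script: it quotes every path, uses ls -di so that files and directories are handled the same way, and stops if the inode has no match.  The function name enc_path_for and the overridable ACD_LOCAL default are assumptions; the directory layout is the one from the post.

```shell
#!/bin/sh
# Added example: map a plaintext path to its encfs counterpart by inode.
# Assumed layout (from the post): $ACD_LOCAL/cloud.plaintext and
# $ACD_LOCAL/cloud.encrypted. enc_path_for is a hypothetical helper name.
# Usage after sourcing this file: enc_path_for "subfolder/file name.ext"
ACD_LOCAL=${ACD_LOCAL:-/usr/local/var/Amazon-Cloud-Drive}

enc_path_for() {
    # $1: path below cloud.plaintext (file or directory, spaces allowed)
    plain="$ACD_LOCAL/cloud.plaintext/${1#/}"
    if [ ! -e "$plain" ]; then
        echo "no such plaintext path: $plain" >&2
        return 1
    fi
    # -d reports a directory itself instead of listing its contents;
    # awk tolerates the leading padding ls may put before the inode.
    inode=$(ls -di -- "$plain" | awk 'NR == 1 { print $1 }')
    case $inode in
        ''|*[!0-9]*) echo "could not read inode of $plain" >&2; return 1 ;;
    esac
    # Inode numbers are only unique within one filesystem, so -xdev keeps
    # find from matching an unrelated file on another mount below the tree.
    matches=$(find "$ACD_LOCAL/cloud.encrypted" -xdev -inum "$inode")
    if [ -z "$matches" ]; then
        echo "inode $inode not found under cloud.encrypted" >&2
        return 1
    fi
    printf '%s\n' "$matches"
}
```

Check the printed path before passing it to anything that deletes: an empty or wrong match is the failure you want to catch first.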



Comments

2 responses to “Managing Encrypted files on Amazon Cloud Drive”

  1. Nice Article! Amazon Cloud Drive is the only cloud service which has TRUE unlimited storage. For $60 a year that is an enormous bargain. But they’re no longer offering unlimited storage. It’s now 1 TB space, no ftp upload and direct access to files. Also many sync problems in software.

    What about the speed of downloading files from Amazon Cloud Drive? I have a very bad experience.

    1. Jonathan

      Yes, I had the same experience, it was quite bad.  I cancelled and got a refund.  I am currently using a GSuite account, which is much, much faster, better connectivity and unlimited online space as well.
