Page 1 of 1

Cataloging crypted (secret) volumes

Posted: Fri Aug 18, 2023 3:20 pm
by pixel
Hi I have some volumes with crypted data for security reasons and I want to catalog them.
I assume that anyone who has access to my catalog files can peek into the secret volumes as well, and - if configured so - even see thumbnails or read texts.

Therefore I moved the whole database folder to an encrypted volume. This way you need at least the key for the now encrypted database files to peek into.
But this is not very convenient because even for searches or volume updates of non-encrypted volumes you would need to mount the encrypted database folder first.

I was thinking it would be nice to have the option to encrypt only individual databases (of volumes or folders) within an un-encrypted database-folder. Naturally these would then be excluded from a „normal“ search or content browsing - if you not otherwise activate an option „include encrypted databases“.

I would prefer to NOT store / retrieve the keys for theses encrypted databases in / from the Keymanager of the OS. Rather input them individually and have Neofinder cache these until the app is closed or a given inactivity time limit.

What do you think?
Are there better workflows?

Re: Cataloging crypted (secret) volumes

Posted: Fri Aug 18, 2023 4:53 pm
by neo-admin
Hello,

thank you for that feedback, this is quite interesting!

We have been looking into encrypting catalogs for quite a while now, but it was always a massive trade-off between speed (to search, update, and just browse) and of course convenience and ease-of-use.

We will definitely take your suggestions intop account and talk about them in our next developers meeting...

Thanks!

Re: Cataloging crypted (secret) volumes

Posted: Sun Aug 20, 2023 2:52 pm
by pixel
Thank you for your kind reply on this subject!

Until there will be a new method available I was thinking of the following workaraound:

- separate my database folder into two folders. Folder „A“ with no sensitive catalogs, folder „B“ with all catalogs.
- Folder B will be on an encrypted volume.
- I try to write a script / automation that allows to quickly switch between folder A or folder B as the database location and probably restart Neofinder afterwards.

This way I could have the non-sensitive catalogs open as default for search and update most of the catalogs.
On the other hand I can switch to the full catalog set if necessary.

To have all duplicate catalogs in sync the script will run a file synchronisation process to update all mirrored catalog files. This has to be done everytime before I switch between the database location A and B. And before system shutdown or quitting Neofinder if B is the active folder.

If the script will also trigger the decrypting of database folder B, this would sound like a one click solution to fullfill my needs. The drawback will be that it needs up to double the space for the databases.

To the developers of Neofinder:
I assume you now already “merge” the individual databases / catalogs when searching or filling “smart folders”.
Wouldn’t it be possible to also merge additional databases / catalogs which are stored at a different base location?
This way I would not have to maintain a full copy of the non-sensitive catalogs.
And you would “just” have to add an option in Neofinder to merge catalogs of two (or more) separate locations.

I admit that I didn’t think about how smart folders and albums would work in this concept.
In my workaround, what will happen if an album refers to data in folder B but folder A is the active one?
I’m thinking of using the “"Shared.Database.Information" method to have albums and smart folders within the catalogs’ base location and maybe use different naming schemes for albums and smart folders which refer to content only available in the B scenario. This way the synconisation task can exclude that subset and thus avoid unresolvable references,

Thanks for your great software!