SparkleShare - Free Open Source DropBox Alternative and Client Side Encryption

Thireus -

Create your own free and secure DropBox with SparkleShare!

SparkleShare is a free and Open Source alternative to the famous DropBox service, which allows users to upload and store files in the cloud. You can download this utility (currently supported for MacOS, Linux and Android) from sparkleshare.org.

SparkleShare has the advantage to let you use your own configured GIT server where your files will be hosted. This main characteristic is important for those who do not want to pay for extra online storage space and for those who are concerned about cloud privacy. But, if you do not own any server, SparkleShare can also be configured to use Bitbucket.org, Github.com or Gitorious.org.

Today I’m gonna show you how to setup a private and ultra secure SparkleShare box.

Those who want to setup their own GIT server will find a quick and ultra easy tutorial on this page (“Setting up a host” section): http://sparkleshare.org/

Basically the server setup is as follow (you must be root):

apt-get install git
adduser --disabled-password git # Creates a new user 'git'
cd /home/git
git init --bare MyProject # Creates the GIT repository directory /home/git/MyProject
mkdir .ssh

Now you can store all client ssh public keys, so that clients can login with the ‘git’ user and access your GIT repository.

nano .ssh/authorized_keys # This is where you must store your client ssh public key

Once edited, you have to fix permissions:

chmod 700 .ssh
chmod 600 .ssh/authorized_keys
chown -R git.git .

Your server is now configured. That was easy, heh?

Now the client side:

First make sure you have git installed and that you can connect to your host server!

$ whereis git

/usr/bin/git

$ git --version

git version 1.7.5.4

If you are under MacOS and do not have git installed, I recommend to install it via MacPort, you can also read this tutorial http://matthew.mceachen.us/blog/installing-git-with-macports-197.html. If you do not have MacPort and do not want to install it, you can alternatively get it here: https://code.google.com/p/git-osx-installer/downloads/list?can=3.

You are now ready to use SparkleShare. Download it from sparkleshare.org and configure it.

Hit the Add button and that’s it! You should now see into your home directory a new folder called SparkleShare containing all your projects.

How to setup a client side encryption for hosted files?

This is the most interesting part of this article. I’m going to explain how to use a client side encryption system so that nobody can know what you are hosting on the cloud. This tip can be applied to any existing Cloud platforms (DropBox, iCloud, Amazon, etc.) and not only SparkleShare.

Let’s use encfs, which is a tool that creates two linked folders. The first folder is the encrypted side, and the other one the unencrypted directory in which you will drop the files you want to encrypt.

First you have to install encfs:

Once installed check which version of encfs you are using (all clients must use the same version! This is very important).

$ encfs --version

encfs version 1.7.4

Ok, you are now ready to create your encrypted folder using encfs, prefer the use of "paranoia mode". This procedure must be performed once only using your first client which will be configured to use this folder. The directory “~/SparkleShare_Unencrypted_folder” is the unencrypted side, so do not put it inside your SparkleShare box!

$encfs ~/SparkleShare/MyProject/secure_folder ~/SparkleShare_Unencrypted_folder

Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?>p
[...]

Great, now to mount your directory this is the same command. So we can create a script that does the job automatically:

nano encfs

#!/bin/sh
encfs ~/SparkleShare/MyProject/secure_folder ~/SparkleShare_Unencrypted_folder

chmod u+x ./encfs

To umount the unencrypted folder you must use fusermount:

fusermount -u ~/SparkleShare_Unencrypted_folder

If you want to configure another client which will use the same encrypted folder, this mount script should be enough. The encfs configuration file is located inside the encrypted SparkleShare folder you've just configured “./SparkleShare/MyProject/secure_folder/.encfs6.xml”. The use of the same encfs version for all clients is required because of this configuration file!

One last thing…

If you want to free some space by removing old removed file revisions on your server, execute the following script at the root directory of your repository on the server side:

#!/bin/bash
set -o errexit
 
# Author: David Underhill
# Script to permanently delete files/folders from your git repository.  To use
# it, cd to your repository's root and then run the script with a list of paths
# you want to delete, e.g., git-delete-history path1 path2
 
if [ $# -eq 0 ]; then
    exit 0
fi
 
# make sure we're at the root of git repo
if [ ! -d .git ]; then
    echo "Error: must run this script from the root of a git repository"
    exit 1
fi
 
# remove all paths passed as arguments from the history of the repo
files=$@
git filter-branch --index-filter "git rm -rf --cached --ignore-unmatch $files" HEAD
 
# remove the temporary history git-filter-branch otherwise leaves behind for a long time
rm -rf .git/refs/original/ && git reflog expire --all &&  git gc --aggressive --prune

Happy Sparkling!

Related terms: