Files that have been encrypted using the TrueNAS (FreeNAS) Cloud Sync Task can be easily decrypted after simply downloading the encrypted (.bin), file without pulling the full remote target.
Encryption (and sync) is done using rclone, which is available via TrueNAS CLI or can be installed on any local device.
Download the encrypted (.bin) file from your remote.
For this example we will call the file encrypted_data.txt.bin .
Generate a new local rclone config file.
This will create a config file in the current directory that can be used to decrypt downloaded files.
rclone --config restore.cfg config
# Choose 'n' for new config
# Give the name 'dir'
# Choose storage type 'crypt'
# For remote type '.'
# For unencrypted (.bin) filenames choose 'off'
# For unencrypted directories choose 'false'
# For password choose 'y'
# Enter the password used in TrueNAS Cloud Storage task config
# If salted choose 'y' otherwise choose 'n'
# Enter the salt used in TrueNAS Cloud Storage task config
# Choose 'n' for advanced config
# Confirm the config 'y'
# Quit the wizard 'q'
Decrypt the file locally.
Now that we have a config file with the original password and salt (if used), we can decrypt local files. Note that we do not use the added .bin extension when referencing the encrypted file.
- Decrypt and keep original
rclone --config restore.cfg copy dir:encrypted_data.txt .
- Decrypt and delete original
rclone --config restore.cfg move dir:encrypted_data.txt .
- Only check the decrypted contents
rclone --config restore.cfg cat dir:encrypted_data.txt