Trying to use FRP and Dropbox replicated folders on two systems, system a and system b. Both systems share the same grant key.
Assumption: must block process dropbox.exe in the policy because we don't want Dropbox decrypting the file. <---- should I even do this? (tried blocked and not blocked)
So the idea is that the file is encrypted on computer a, in the DB cloud and when it is sent to computer b.
The file resides in the replicated Dropbox folder on both computer a and b. Encrypting the file with the shared grant key on computer a results in computer b having an additional file (.cekey) in the directory, looks like the encryption icon.
Sometimes the encrypted file is duplicated at computer b and is not accessible. Sometimes the encrypted file cannot be opened (access denied) even after all DB syncing has completed.
If my DB was only used at one computer, this solution would work and there wouldn't be an issue, but now I have two systems, actually three that I keep the DB sync on to keep the files synced.
Any ideas on how I might correct my mistakes to make this work right?
If you compare the file on the two different computers, is it the same? (I doubt it.)
It would seem there is perhaps some flaw in the DB sync of the data which is not capturing all the changes?
Maybe it will work if you edit the file outside of DB.
Oh, and Naveen just sent me some very useful info that Dropbox may not support all the possible file names that Windows supports - by any chance is Dropbox renaming the file, adding a "_" at the end for example?
The special char at the end of the file name is how FRP knows it's encrypted. That MUST be preserved.
Yes, I have observed that from Windows Explorer there is a special character at the end of "some" files. It's a floating period. I cannot delete the file from Explorer. In cmd I can list the file and it shows a "?" at the end, and I was able to delete it from cmd.
I ran a few more tests and the results are as follows:
No Dropbox Block
Encrypt Folder shared grant key
Encrypt Files shared grant key
Same test with Dropbox Blocked in policy
Select all and copy and pasted multiple times.
Created a ppt file, encrypted from Computer A
I currently conclude that this is probably a problem with DB and the way it handles files during sync and is less likely to be an issue with FRP. I don't recommend using DB with FRP on more than 1 computer if the target file will be accessed by more than 1 endpoint.
If the .cekey file is not replicated, the 2nd computer won't know to encrypt files in that folder.
If the special char is not replicated, then the 2nd computer won't know the file is encrypted.
Maybe zip the file and then put it in the Dropbox folder? That should preserve the file extension.
Testing create and edit outside DB and encrypt then send to DB, synced and opened successfully on second endpoint.
Good call, but it still defeats the purpose of automatic sync.