For those who use(d) DiskAES256 VFSs

The DiskAES256 virtual file system (VFS) type provided at-rest encryption in Syncplify.me Server! v4.x and v5.x, and served its purpose well for several years, but it got old, and in IT lingo “old” means that it can’t be considered secure anymore. It uses the AES-256 algorithm in a simplified version of the XTS mode, so we decided to retire it while it’s still unbroken.

In fact, at-rest encryption in Syncplify Server! v6.x will be provided by a state-of-the-art implementation of the AES-256 algorithm in GCM mode (authenticated encryption) with per-stream unique initialization vectors.

Not only this improves security by leaps, but (unlike v4 and v5) this method is applicable to all virtual file system types. Yes, with v6.x you’ll be able to apply AES-GCM encryption also to your S3, Azure, Google, and SFTP virtual file systems, not just the disk-based ones!

This gigantic step forward, though, comes with a small trade-off: version 6.x will no longer be able to access or support the old DiskAES256 encryption, so a method to decrypt your old DiskAES256 storage is needed, in order to move those folders and files over to the new v6.x high-security standard.

Upon release of Syncplify Server! v6.x we will therefore also release this tiny app to decrypt your old DiskAES256-encrypted folders, so that you can then migrate them over to the new and more secure server version.

We have finished testing this little app, and we’ll make it available for free to all users (including users of the free edition) of our previous Server! versions upon release of v6.x.