This project has moved. For the latest updates, please go here.

SVN + Veracrypt + Dropbox?

Topics: Technical Issues, Users Discussion
Sep 23, 2014 at 7:07 AM
I'm thinking of creating a small Veracrypt virtual drive and an SVN repository on it, and keeping the encrypted file in Dropbox for automatic syncing.

I still use Truecrypt occasionally (been meaning to migrate tho Veryacrypt) and keep its small encrypted virtual drive in Dropbox. The problem is that I have to unmount the drive in Truecrypt for the file to sync, so I'm guessing the file's contents and timestamp are updated only then. As far as I understand, Truecrypt development has stopped, and Veracrypt is a fork that is being maintained and developed further.

Is there a way to configure Veracrypt to do automatic flushing to make sure the file syncs every time I make changes to the virtual drive contents?

(cross-post from stackoverflow)
Coordinator
Sep 24, 2014 at 2:04 PM
Hi,
Actually there is nothing we can do to force automatic flushing of the data into the container every time changes are made .To explain why, I'll take the example of a USB flash drive. When you write data to a plugged USB key, there is no guarantee it will be written right away : instead, Windows for performance reasons uses a cache mechanism to store your data or modifications and they will written on the device after some delay that depends on multiple factors. The only way to be sure that your data have been written to your USB key is to "Safe Eject" it.

Windows handles a VeraCrypt virtual drive the same way : when you make changes to the content of the drive, the unencrypted data are not written right away and thus our device driver doesn't receive anything that can be encrypted and written back to the encrypted container. We have to wait for Windows to flush the data to the virtual drive and then we can encrypt them.
When you unmount the virtual drive, Windows reacts the same way as for the ejection of USB flash drive: it flushes the pending data into the storage which in turn triggers their encryption in our device driver and it makes VeraCrypt store the encrypted data in the encrypted container.

There are free tools on the internet that enables you to explicitly force Windows to flush all pending data on a specific drive (like Sync from Sysinternals and FFB from Uwe Sieber's Homepage). But they have to be run with administrative privileges.

In your specific case, I have a solution : you can use an SVN Hook Script. Create a Post-commit hook script where you call one of the tools I listed above with the right parameters in order to flush the data on the desired virtual drive after each commit. Don't forget to configure the exe program to always run as an administrator by modifying its Compatibility properties (this link explains how : http://technet.microsoft.com/en-us/magazine/ff431742.aspx)

Last point : Linux has the same issue but the mount command has options to automatically write data to the filesystem (namely -o sync or -o flush). VeraCrypt uses the mount command internally and it offers the possibility to specify additional options to be passes to the mount command : if you use VeraCrypt command line, you can use the switch --fs-options (i.e. --fs-options=sync) and if you use the GUI, just click on the "Options" button in the password dialog : new fields will appear and in "Mount options" you can put "sync" or "flush".

I hope these elements will help you solve your synchronization issues.
Sep 26, 2014 at 11:22 AM
I saw your reply on stackexchange. Thanks again for your help! I am mostly using Eclipse/Subclipse plugin on Windows 7. Not sure whether it will be possible to create a hook script with a local SVN repository and Subclipse (if you or anyone happens to know, I'm curious, of course), but I can always run Sync manually or periodically though the task scheduler. Love the Sysinternals tools. Also thanks for the Linux info.