Hello Nick & Gabriel,

before thinking about encryption, what is the user and authorization concept for that share? Can every user see and change all other users' files? Or are the paths somehow distinct for all users, disallowing sharing? The doc only states that the guacd process needs to be able to read/write the directory, nothing else.

In fact I never enabled that drive, because I never understood and thus referred my users to using standard shares that support ACLs (and all the shares are ultimately protected by BitLocker, as is my Guacamole setup as it runs on Hyper-V).

Thanks,
Joachim

From: gabriel sztejnworcel
Sent: Wednesday, 4 May 2022 13:16
To: [email protected]
Subject: Re: File Encryption for RDP Redirected Folders

Thanks for your answer Nick! It's not so clear to me how this can be implemented only on the remote server side since files are uploaded by Guacamole without any involvement of the remote server, unless it somehow monitors the folder and each time a new file is created it encrypts it immediately. I will look into it, thanks!

On Wed, 4 May 2022 at 00:04, Nick Couchman <[email protected]> wrote:

> On Tue, May 3, 2022 at 3:50 PM gabriel sztejnworcel <[email protected]> wrote:
>
> > Hi,
> >
> > Was there ever a discussion or suggestion to implement encryption for files transferred in RDP sessions through redirected folders? So that if someone gets access to the Guacamole server, they won't be able to get these files, which might contain sensitive information. I thought of creating a key for each session, when the file is uploaded - use the key to encrypt it. When the file is read from within the RDP session - decrypt the requested portion. The encryption itself might be challenging as it needs to be in parts. For download - maybe it's possible to stream the file to Guacamole client immediately and not store it on disk instead of encrypting it. Wondering if someone ever tried it or if someone else thinks it's useful.
>
> Well, you could do this entirely on the remote desktop side and it shouldn't be a problem, you'd just have to install some sort of encryption software that encrypts the files before they land on the redirected folder.
>
> The redirected folder is really just an internal file share presented by the RDP client (\\tsclient\share), so you just need some way to enable, encourage, and/or enforce encryption on the RDS host. It's been a little while since I messed around with client encryption software, but back in the day there were Open Source items like TrueCrypt and VeraCrypt that could do this cross-platform, and I know there are also commercial solutions. While this method is somewhat disruptive - it means additional software/steps for the user - it is the most secure, as it allows for encryption on a per-user basis, which means that no one, not even the root user of the guacd server, can decrypt the files.
>
> Beyond that I suppose guacd could be extended to support transparent encryption of the files as they land; however, this would mean that the encryption keys for the files would be stored on the guacd server, so if someone compromised that server, they could still get access to the files and decrypt them. I think some filesystems - like ZFS - support transparent at-rest encryption and can manage access to keys, use hardware keys, etc., so there may be some possibilities, there, as well. This is a bit out of my areas of experience/expertise, though.
>
> -Nick
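The "encryption in parts" idea raised in the thread (a per-session key, with only the requested portion decrypted on read) can be sketched as follows; this is an added example, not part of the original messages and not Guacamole code. All function names and the 4096-byte chunk size are assumptions, and an HMAC-SHA256 keystream plus tag stands in for a real AEAD such as AES-GCM only so the sketch runs on the Python standard library.

```python
import hashlib, hmac, os, struct

CHUNK = 4096   # plaintext bytes per chunk (assumed; any fixed size works)
TAG = 32       # HMAC-SHA256 tag length

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keys(session_key):
    # Derive independent keystream and authentication keys from the session key.
    return _prf(session_key, b"enc"), _prf(session_key, b"mac")

def _xor_keystream(enc_key, file_id, index, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, keyed per (file, chunk).
    blocks = (len(data) + 31) // 32
    ks = b"".join(_prf(enc_key, file_id + struct.pack(">QI", index, c)) for c in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal_chunk(session_key, file_id, index, plaintext):
    # NOTE: a (file_id, index) pair must be sealed only once; rewriting a chunk
    # in place would reuse keystream and needs a fresh per-write nonce.
    enc_key, mac_key = _keys(session_key)
    ct = _xor_keystream(enc_key, file_id, index, plaintext)
    return ct + _prf(mac_key, file_id + struct.pack(">Q", index) + ct)

def open_chunk(session_key, file_id, index, sealed):
    enc_key, mac_key = _keys(session_key)
    ct, tag = sealed[:-TAG], sealed[-TAG:]
    # The tag covers file id and chunk index, so swapped or foreign chunks fail.
    if not hmac.compare_digest(tag, _prf(mac_key, file_id + struct.pack(">Q", index) + ct)):
        raise ValueError("chunk %d failed authentication" % index)
    return _xor_keystream(enc_key, file_id, index, ct)

def encrypt_file(session_key, file_id, data):
    return [seal_chunk(session_key, file_id, i // CHUNK, data[i:i + CHUNK])
            for i in range(0, len(data), CHUNK)]

def read_range(session_key, file_id, chunks, offset, length):
    # Decrypt only the chunks covering [offset, offset + length).
    first, last = offset // CHUNK, (offset + length - 1) // CHUNK
    plain = b"".join(open_chunk(session_key, file_id, i, chunks[i])
                     for i in range(first, last + 1))
    start = offset - first * CHUNK
    return plain[start:start + length]

if __name__ == "__main__":
    key, fid = os.urandom(32), os.urandom(16)      # per-session key, per-file id
    data = bytes(range(256)) * 40                  # constructed 10 KiB sample file
    stored = encrypt_file(key, fid, data)
    assert read_range(key, fid, stored, 4000, 200) == data[4000:4200]
    print("range read OK; chunks on disk:", len(stored))
```

The session key still has to live in the memory of the process doing the encryption, which is the limitation Nick describes for a guacd-side implementation. Dropped trailing chunks are not detected in this sketch and would need an authenticated chunk count.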
