Storing your data is easy. Protecting it is hard. Our personal information, photos, documents, banking information, and more is being stored by third-parties and we are giving up control for convenience.
存储数据很容易。 保护它很困难。 我们的个人信息,照片,文档,银行信息等将由第三方存储,为了方便起见,我们将放弃控制。
We all have a choice of which provider we want to use to store our information: Dropbox, Google Drive, OneDrive, iCloud, Box, etc. We can access our data anywhere, anytime, and its awesome. They have great apps, and you can selectively sync on your desktop or phone, not having to worry about storage space.
我们都可以选择使用哪个提供商来存储我们的信息:Dropbox,Google Drive,OneDrive,iCloud,Box等。我们可以随时随地访问我们的数据,而且数据真棒。 它们具有出色的应用程序,您可以有选择地在台式机或手机上进行同步,而不必担心存储空间。
That’s all good but I want to store my data and sleep sound that nobody can access it, service provider, government, hacker, that crazy ex we all have who is totally trying to guess my password right now. This seems daunting but there have been some amazing developers who have created some open source tools to be able to manage this and not have to pay enterprise prices, for enterprise encryption.
很好,但是我想存储我的数据和睡眠声音,任何人都无法访问它,服务提供商,政府,黑客,这疯狂的前我们所有人现在都在完全猜测我的密码。 这似乎令人生畏,但是有一些了不起的开发人员创建了一些开源工具来管理此事务,而不必为企业加密支付企业价格。
此列表的目标: (Goals for this list:)
- Tools to be open source. 开源工具。
- Rate the ease of use of each. 评估每种工具的易用性。
- Define the encryption standards. 定义加密标准。
- Explain the pros and cons of each. 解释每种方法的优缺点。
1.密码器 (1. Cryptomator)
->易于使用:4.5 / 5 (-> Ease of use: 4.5/5)
Top of the list (easily) Cryptomator is one of the most straightforward, tried and tested, tools out there. Build to work with cloud, as well as local, encryption, they also have iOS, Android, MacOS, Windows, and Linux applications that are easy to use. They also have some great ties with other tools (Not open source but worth a look).
列表顶部(轻松) Cryptomator是其中最简单,经过尝试和测试的工具之一。 可以与云以及本地加密一起使用,它们还具有易于使用的iOS,Android,MacOS,Windows和Linux应用程序。 它们与其他工具也有很多联系(不是开源的,但值得一看)。
Cryptomator encrypts file contents and names using AES256 encryption (AKA the global standard). Your passphrase is protected against brute forcing attempts using scrypt. Directory structures get obfuscated as well as filenames.
Cryptomator使用AES 256加密(也称为全球标准)对文件内容和名称进行加密。 使用scrypt可以保护密码短语免遭强行尝试。 目录结构以及文件名变得模糊。
It’s is a free and open source software licensed under the GPLv3. This allows anyone to check the code and audit it. This means: no backdoor and constant scrutiny. It’s a zero trust system as the code is free to view/fork/clone right here! Their Docs are nicely written and they even provide a sanitizer tool encase your vault gets corrupted.
它是GPLv3许可的免费开源软件。 这样,任何人都可以检查代码并对其进行审核。 这意味着:没有后门和持续的审查。 这是一个零信任系统,因为代码可以在此处自由查看/分叉/克隆 ! 他们的文档写得很好, 他们甚至提供了一个清理工具,以防止您的金库损坏。
It can also be combined with Mountain Duck (Paid tool 39 USD — Yikes I know), you can create a seamless desktop experience with selective sync as well as some other neat features.
它也可以与Mountain Duck (付费工具39美元—我知道,Yikes)结合使用,可以创建无缝的桌面体验,并具有选择性同步以及其他一些巧妙功能。
Pros:
优点:
- Good encryption and brute force protection 良好的加密和蛮力保护
- Easy to use with nearly any cloud provider (build in integrations with several) 几乎可以与几乎所有云提供商一起使用(与多个提供商集成)
- Cross-platform (iOS, Android, Linux, Windows, Mac) 跨平台(iOS,Android,Linux,Windows,Mac)
- Very well recognized and active development 非常认可和积极的发展
- Encrypts file-by-file, not within a container (compare this with VeraCrypt) 逐个文件而不是在容器内加密(与VeraCrypt进行比较)
Cons:
缺点:
- Slow transfer speeds (Max ~ 15–150MiB/s depending on platform (Windows is best, Linux/Mac the worst)) 传输速度较慢(取决于平台,最大约为15–150MiB / s(Windows最佳,Linux / Mac最差))
-
Mobile Apps not open source
移动应用不是开源的
- Managing across devices can be complicated. 跨设备管理可能很复杂。
用它: (Use it:)
-
Download the app here (or via iOS / Play store).
- Select your folder (On desktop you’ll need Dropbox/Drive/etc provided Apps) 选择文件夹(在桌面上,您需要Dropbox / Drive / etc提供的应用程序)
-
Pick your passphrase (not a passWORD, applesarefruitsanddidyouknowtomatosarefruits is a password that would take 1 septendecillion years to crack.
选择您的密码(不是密码, applesarefruits和didyouknowtomatosarefruits 是一个密码,需要1九十亿年才能破解。
- You now have your Volume mounted as an external drive. 现在,您已将卷安装为外部驱动器。
- Place a file in the Drive and watch the magic happen. 将文件放在云端硬盘中,观察魔术发生的情况。
2. VeraCrypt (2. VeraCrypt)
->易于使用:3.5 / 5 (-> Ease of use: 3.5/5)
Well known, and trusted encryption. VeraCrypt is an source utility used for on-the-fly encryption. It creates virtual encrypted (mountable) disk within a file or encrypt a partition or the entire storage device. VeraCrypt is a fork of the discontinued TrueCrypt project. Improving on TrueCrypt and bringing it into the modern age.
众所周知的可信加密。 VeraCrypt是用于即时加密的源实用程序。 它在文件内创建虚拟加密(可安装)磁盘,或者对分区或整个存储设备进行加密。 VeraCrypt是已终止的TrueCrypt项目的分支。 在TrueCrypt上进行改进并将其带入现代时代。
Some of its features include:
它的一些功能包括:
- The ability to create a virtual encrypted disk inside of a file and then mount the virtual encrypted disk as if it were a real disk 可以在文件内部创建虚拟加密磁盘,然后像挂载真实磁盘一样挂载虚拟加密磁盘
- Encrypt a whole partition or a storage device, like a flash drive or a hard drive 加密整个分区或存储设备,例如闪存驱动器或硬盘驱动器
- The ability to encrypt a partition or a drive (Windows) making it possible for data to be read and written with the same speed as if the drive were not encrypted 加密分区或驱动器(Windows)的能力使得可以以与未加密驱动器相同的速度读取和写入数据
- Gives plausible deniability if you were forced to reveal your password using hidden volumes and hidden operating systems provide additional protection. 如果您被迫使用隐藏卷来显示密码,并且提供了进一步的保护,则提供合理的可否认性。
VeraCrypt runs on Windows, Linux and Mac. It keeps your files confidential, but does not protect the integrity, i.e. a hacker can’t read your files, but they could modify them without you noticing.
VeraCrypt可在Windows,Linux和Mac上运行。 它可以使您的文件保密,但不能保护完整性,例如,黑客无法读取您的文件,但是他们可以在不通知您的情况下修改它们。
If you want to use it to encrypt your Dropbox, you could put the encrypted container file in your Dropbox folder and it would get automatically synchronized to all devices connected to your Dropbox.
如果要使用它来加密Dropbox,可以将加密的容器文件放在Dropbox文件夹中,它将自动同步到连接到Dropbox的所有设备。
This is very convenient to use and it is secure. However, there is a problem with it. VeraCrypt is not designed to be used in the cloud and a container file can get very large (TB easily if you’re like me). When you set up your drive you have to choose a maximal size for your filesystem in advance and the container file will have this size, no matter how much of the space you actually use.
这非常方便使用并且安全。 但是,这有一个问题。 VeraCrypt并非旨在在云中使用,并且容器文件可能会变得非常大(如果您像我一样,很容易成为TB)。 设置驱动器时,您必须事先为文件系统选择一个最大大小,并且无论实际使用多少空间,容器文件都将具有此大小。
云中的用例 (Use case in the Cloud)
I create a large filesystem (movies, pictures,music,etc). Uploading it to the cloud for the first time, everything is fine. Now I add some additional photos of my Cat, changing some small files. This means that my large container file changes, and I must re-upload the whole container. Which is not convenient. Some cloud storage solutions (if you’re lucky) notice that only a small part of the container file changed, and will chunk the file and update the relevant chunk only. Conflicts can happen if you edit the file on another device before uploading, as you containers will be different. (AKA Gona have a bad time.)
我创建了一个大型文件系统(电影,图片,音乐等)。 第一次将其上传到云中,一切都很好。 现在,我添加了一些有关Cat的其他照片,更改了一些小文件。 这意味着我的大型容器文件发生了变化,并且我必须重新上传整个容器 。 不方便。 一些云存储解决方案(如果幸运的话)会注意到容器文件中只有一小部分发生了更改,将对文件进行分块并仅更新相关的块。 如果您在上传之前在其他设备上编辑文件,则可能会发生冲突,因为容器会有所不同。 ( 又名Gona日子不好过 )
Long story short, VeraCrypt is amazing, very secure with lots of encryption options to encrypt, but it’s not “build for the cloud”. Good for local file encryption, or if you just want to make a small vault with your important information, bad if you want total utter beautiful encryption.
长话短说,VeraCrypt令人惊叹,非常安全,具有许多加密选项可以加密,但它不是“为云构建”。 对于本地文件加密很有用,或者如果您只想使用重要信息制作一个小型文件库,那么对于完全完全美丽的加密则不利。
Pros:
优点:
- Feature rich, with multiple options for encryption/hashing. 功能丰富,具有多种加密/散列选项。
- GUI interface that is (relatively) easy to use. (相对)易于使用的GUI界面。
- Cross-platform (Linux, Windows, Mac) 跨平台(Linux,Windows,Mac)
- Very well recognized and active development. 非常公认和积极的发展。
-
Ability to hide containers, or hide a file within another container steganography).
Cons:
缺点:
- Single large container, regardless of files. 单个大容器,无论文件如何。
- Not cloud friendly. 不是云友好的。
- Not straightforward for most and files not accessible on a mobile. 对于大多数人来说并不简单,并且无法在移动设备上访问文件。
用它: (Use it:)
-
Download VeraCrypt here. Desktop only, no mobile apps.
在此处下载VeraCrypt 。 仅台式机,无移动应用程序。
- “Create a Volume” “创建卷”
- Hidden or Standard? 隐藏还是标准?
- Volume location (make a folder) 卷位置(创建文件夹)
- Select your encryption and your hashing algorithm (AES 128 or 256 are good, 512 if you’re a spy) 选择加密和哈希算法(AES 128或256较好,如果是间谍则为512)
- Define your volume size (It will be this size regardless of files) 定义卷大小(无论文件大小,都将是此大小)
- Define your passphrase (Remember, the longer the better) 定义您的密码(记住,时间越长越好)
- Pick your filesystem (exFAT is good across all platforms) 选择您的文件系统(exFAT在所有平台上都很好)
- SHAKE YOUR MOUSE AND MAKE SOME RANDOMNESS 摇动鼠标并设置一些随机性
- Mount and you’re done :) 挂载,您就完成了:)
3. RClone (3. RClone)
->易于使用:3/5 (-> Ease of use: 3/5)
Not typically viewed as an encryption tool, but RClone is the ultimate cloud torage multi-tool. It can: move, copy, sync, mount, check, chunk, delete, dedupe, cleanup, list, size, and of course encrypt.
通常不被视为加密工具,但RClone是终极的云计算多功能工具。 它可以:移动,复制,同步,安装,检查,组块,删除,重复数据删除,清理,列表,大小, 当然还可以加密。
I’ve written before about how to setup the basics of RClone and create add cloud storage systems here:
我之前写过关于如何设置RClone基础以及在此处创建添加云存储系统的文章:
Files are encrypted 1:1 source file to destination files. With a very good community and amazing documentation, RClone is my personal favourite. I use the tool across many of my projects and it’s very handy.
文件将1:1源文件加密为目标文件。 RClone拥有一个非常好的社区和令人惊叹的文档,是我个人的最爱。 我在很多项目中都使用了该工具,非常方便。
Crypto Overview
加密概述
The initial nonce is generated from the operating system’s crypto strong random number generator. The nonce is incremented for each chunk read making sure each nonce is unique for each block written. The chance of a nonce being re-used is minuscule. If you wrote an exabyte of data (1⁰¹⁸ bytes) you would have a probability of approximately 2×10⁻³² of re-using a nonce.
初始随机数是从操作系统的加密强随机数生成器生成的。 对于每个读取的块,随机数都会增加,以确保每个随机数对于写入的每个块都是唯一的。 随机数被重用的可能性很小。 如果您写入了1埃字节的数据(1字节),则重用随机数的概率约为2×10 3²²。
This uses a 32 byte (256 bit key) key derived from the user password. 256 bits being an ideal key size as it is far beyond any current brute forcing capabilities.
它使用从用户密码派生的32字节(256位密钥)密钥。 256位是理想的密钥大小,因为它远远超出了任何当前的强行强制能力。
1MB (1048576 bytes) file will encrypt to 1049120 bytes total (a 0.05% overhead). This is the overhead for big files.
1MB(1048576字节)文件将加密为总计1049120字节(0.05%的开销)。 这是大文件的开销。
Name encryption
名称加密
Filenames and also file folders can be encrypted or unencrypted optionally. And while you setup your “Crypt” folders, these granular options can be configured easily. File segments are padded using using PKCS#7 to a multiple of 16 bytes before encryption.
可以选择对文件名以及文件夹进行加密或未加密。 而且,当您设置“加密”文件夹时,可以轻松配置这些精细选项。 在加密之前,使用PKCS#7将文件段填充为16字节的倍数。
They are then encrypted with EME using AES with 256 bit key. EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003 paper “A Parallelizable Enciphering Mode” by Halevi and Rogaway. This method of encryption is very well studied and is a standard across many encryption systems today. This makes for deterministic encryption which is what we want — the same filename must encrypt to the same thing otherwise we can’t find it on the cloud storage system.
然后使用带有256位密钥的AES使用EME对它们进行加密。 EME(ECB-Mix-ECB)是一种宽块加密模式,在Halevi和Rogaway于2003年发表的论文“ A Parallelizable Enciphering Mode”中提出。 这种加密方法已得到很好的研究,并且是当今许多加密系统的标准。 这就是我们需要的确定性加密-相同的文件名必须加密为相同的东西,否则我们将无法在云存储系统上找到它。
This means that filenames with the same name will encrypt the same filenames which start the same won’t have a common prefix
这意味着具有相同名称的文件名将对以相同名称开头的相同文件名进行加密,而不会具有通用前缀
Key derivation
密钥派生
Rclone uses scrypt with an optional user supplied salt (password 2 in the setup) to derive the 80 bytes of key material required. If the user doesn’t supply a salt then rclone uses an internal one. Scrypt makes it impractical to mount a dictionary attack on rclone encrypted data. For full protection against dictionary attacks it’s always advised to use a salt, which can be enabled in the standard setup of rclone.
Rclone将scrypt与用户提供的可选盐(设置中的密码2)结合使用,以获取所需的80字节密钥材料。 如果用户不提供盐,则rclone使用内部盐。 Scrypt使得对rclone加密数据发起字典攻击是不切实际的。 为了全面防御字典攻击,始终建议使用盐,可以在rclone的标准设置中启用它。
4. GoCryptFS (4. GoCryptFS)
->易于使用:2/5 (-> Ease of use: 2/5)
A relative newcomer in the game
游戏中的新手
Gocryptfs, like VeraCrypt and Cryptomator, offers you a virtual filesystem, so the encryption is happening in the background and doesn’t interfere with your workflows. It doesn’t support Windows as standard (only Linux and Mac), but the creator has endorsed a third party client for Windows (cppcryptfs). As opposed to VeraCrypt, it doesn’t store your files in one big container file, but encrypts file-by-file (Similar to RClone).
Gocryptfs和VeraCrypt和Cryptomator一样,为您提供了一个虚拟文件系统,因此加密是在后台进行的,不会干扰您的工作流程。 它不支持Windows作为标准配置(仅Linux和Mac),但是创建者认可了Windows的第三方客户端(cppcryptfs)。 与VeraCrypt相对,它不会将您的文件存储在一个大容器文件中,而是对每个文件进行加密(类似于RClone)。
Built with speed in mind, the system is built using the GO Programming language, which is also very efficient. Meaning it can be run easily on a cheap VPS or RaspberryPi. Since there is an encrypted file for each of your files, a hacker can exactly see how many files you have, how large each file is and how they are structured into directories. These details can be compared to known files and persistent attackers can identify files being stored in your system. In a recent security audit, which was taken very seriously by the project owner, he addressed each concern and it’s open to read HERE.
考虑到构建速度,该系统使用GO编程语言构建,这也是非常有效的。 这意味着它可以在便宜的VPS或RaspberryPi上轻松运行。 由于每个文件都有一个加密文件,因此黑客可以准确查看您拥有多少文件,每个文件有多大以及如何将它们组织成目录。 可以将这些详细信息与已知文件进行比较,持久性攻击者可以识别存储在系统中的文件。 在项目所有者非常重视的最近一次安全审核中,他解决了每个问题,可以在此处阅读。
Gocryptfs uses GCM cipher mode. This means it doesn’t only protect confidentiality, i.e. against adversaries reading your files, but also integrity, i.e. against adversaries modifying your files without you noticing it. As well as using scrypt to protect against dictionary attacks.
Gocryptfs使用GCM密码模式。 这意味着它不仅可以保护机密性(即,防止对手读取文件的攻击),而且还可以保护完整性(即,防止对手在不注意的情况下修改文件)。 以及使用scrypt防止字典攻击。
GOCryptFS is being very activily maintained, although only by 1 developer. It is very stable and a system I am personally leaning towards (Mostly for it’s speed!)
尽管只有1个开发人员,但是正在非常积极地维护GOCryptFS。 它非常稳定,我个人倾向于使用该系统(主要是因为速度!)
Usage:
用法:
$ mkdir cipher plain
$ gocryptfs -init cipher
[...]
$ gocryptfs cipher plain
[...]5. CryFS (5. CryFS)
->易于使用:2/5 (-> Ease of use: 2/5)
CryFS like all other solutions described here, offers a virtual filesystem and you can work with your files without thinking about the encryption that is happening in the background. It was built specifically to be used together with Dropbox or other cloud storage providers. It supports Linux and Mac, and since version 0.10 has experimental Windows support (Untested by me).
像这里描述的所有其他解决方案一样, CryFS提供了一个虚拟文件系统,您可以使用文件而无需考虑后台发生的加密。 它是专门为与Dropbox或其他云存储提供商一起使用而构建的。 它支持Linux和Mac,并且自版本0.10起具有实验性的Windows支持(未经我测试)。
CryFS follows established security standards and is the only tool in this list that works without revealing file sizes. Below image from their website represents well how they store files, obfuscating folders, files, and names. As opposed to VeraCrypt, it keeps its data in small encrypted blocks and changing a small file results in only a small amount of data to be re-uploaded. More information on how this is achieved can be found here. The security of CryFS has been proven in a master’s thesis in 2015. As far as I know, CryFS is the only solution in this list for which this has been done.
CryFS遵循已建立的安全标准,并且是此列表中唯一可以在不泄露文件大小的情况下运行的工具。 他们网站上的下面图片很好地说明了他们如何存储文件,混淆文件夹,文件和名称。 与VeraCrypt相比,它将数据保留在较小的加密块中,更改较小的文件只会导致少量数据被重新上传。 有关如何实现此目标的更多信息,请参见此处 。 CryFS的安全性已在2015年的硕士论文中得到证明。据我所知,CryFS是此列表中唯一已完成此工作的解决方案。
CryFS offers confidentiality and, since version 0.10, also integrity of your data. This means, attackers cannot read your files, file sizes or directory structure, and also prevents attackers from modifying any of that. The main drawback of CryFS is that it is relatively new, and still in beta. The developers are actively developing it.
CryFS提供机密性,并且从0.10版本开始,还提供数据的完整性。 这意味着,攻击者无法读取您的文件,文件大小或目录结构,并且还阻止攻击者修改其中的任何内容。 CryFS的主要缺点是它相对较新,仍处于测试阶段。 开发人员正在积极开发它。
Limitations:
局限性:
A downfall is the number of files the system generates. With some online file storage, the total number of files is limited (TDrives can only store 400,000 files — which is massive but easily fill-able).
下降是系统生成的文件数。 使用一些在线文件存储,文件的总数是有限的(TDrives只能存储400,000个文件-很大但很容易填充)。
Secondly, an additional downfall is that if you store smaller files, you can create massive amounts of “extra” data, when your files are obfuscated. This can be an issue if you encrypt files smaller than a few MB. For larger files, no “extra” data is created, and the additional overhead is minimal.
其次,另一个缺点是,如果存储较小的文件,则在文件被混淆时可以创建大量的“额外”数据。 如果您加密的文件小于几MB,则可能会出现问题。 对于较大的文件,不会创建“额外”数据,并且额外的开销很小。
The developers state the speeds are between 80–170mbps, though that is on an SSD server and I personally havn’t tested that yet.
开发人员指出,速度在80-170mbps之间,尽管那是在SSD服务器上,我个人还没有测试过。
荣誉奖: (Honorable mentions:)
- encfs (In maintenance mode) encfs(在维护模式下)
- securefs (No updates in months so unsure) securefs(几个月内没有更新,因此不确定)
- 7Zip (Windows only but containers can be compressed and encrypted) 7Zip(仅Windows,但可以压缩和加密容器)
- eCryptfs (Linux only, but very well known and secure) eCryptfs(仅Linux,但非常知名且安全)
- Keka (MacOS only but containers can be compressed and encrypted) Keka(仅MacOS,但可以压缩和加密容器)
TL;DR
TL; DR
Cryptomator works everywhere (Desktop/mobile) and is good on cloud or locally. If you want to be fancy use RClone Crypt or GoCryptFS (CLI Based). VeraCrypt is great but not for cloud. Cool projects like cryfs are coming, but still in beta stage.
Cryptomator可以在任何地方(台式机/移动设备)工作,并且可以在云上或本地使用。 如果您想使用RClone Crypt或GoCryptFS(基于CLI)。 VeraCrypt很棒,但不适用于云。 像cryfs这样的酷项目即将到来,但仍处于测试阶段。
注释/补充: (Notes/Additions:)
Most of the information above is taken from the source sites themselves and I have referenced these as much as possible. Additional information was through my own trial and error in using these systems.
上面的大多数信息都是从源站点本身获取的,我已经尽可能多地引用了这些信息。 其他信息来自于我自己在使用这些系统时的反复试验。
Joseph Curto has shared his setup using a combination of GoCryptFS and VeraCrypt to layer security tools and maximize his security.
Joseph Curto使用GoCryptFS和VeraCrypt的组合共享了他的设置,以分层安全工具并最大化其安全性。
- After creating the GoCrypt Container he moves the config file (the encrypted key for the files) to a VeraCrpt Container using a different password. 创建GoCrypt容器后,他使用其他密码将配置文件(文件的加密密钥)移至VeraCrpt容器。
- When accessing/decrypting/mounting the GoCrypt folder, he first unencrypts the Veracrypt container and using the below command to point GoCrypt to the new location for the config file: 在访问/解密/挂载GoCrypt文件夹时,他首先对Veracrypt容器进行解密,并使用以下命令将GoCrypt指向配置文件的新位置:
gocryptfs -config /veracrypt/folder/with/gocryptfs.conf /gocrypt/encrypted-folder/ /mount-point/folder/decrypted-
umount the in clear folder (GoCryptFS folder);
卸载透明文件夹(GoCryptFS文件夹);
- Close VeraCrypt container. 关闭VeraCrypt容器。
Advantages to this setup:
此设置的优点:
- Layering is always good. Using 2 different services reduces the risk if one is compromised. 分层总是好的。 如果其中一项受到损害,则使用两种不同的服务可以降低风险。
- It keeps the VeraCrypt container small. Making it easy to sync with cloud storage. 它使VeraCrypt容器保持较小。 轻松与云存储同步。
Disadvantages:
缺点:
- More complicated — this method would be for advanced users who are more comfortable with the command line approach. 更复杂-此方法适用于更熟悉命令行方法的高级用户。
- Multiple passwords — lose one password and there is no recovery. This is good/bad, as that is also the point of this article. 多个密码-丢失一个密码,无法恢复。 这是好是坏,因为这也是本文的重点。
Thanks Joesph for sharing, I hope I have explained it the way you intended. — David.
感谢Joesph的分享,我希望我已经按照您的意图进行了解释。 - 大卫。
翻译自: https://medium.com/@sharkeyio/encrypt-all-the-things-store-your-data-safely-anywhere-4ae8037cc606