What is the difference between Rclone and OpenSSL based encryption?

PhotoSync offers Rclone and OpenSSL compatible encryption for Client-Side Encryption. Both are very safe options to protect your data and offer specific advantages based on your usage scenario.

Rclone Crypt

We recommend Rclone based encryption for the following use cases:

• You want to use encryption / decryption only within PhotoSync. In this case the Rclone option provides the best performance and security
• You want to access encrypted photos & videos also on your Mac, Windows or Linux PC or NAS in a convenient way and are able to install the Rclone command line tool on your computer
• You want to mount your encrypted photos & videos as a dedicated drive on your computer for the most seamless user experience
• You already use Rclone

OpenSSL compatible

We recommend OpenSSL based encryption for the following use cases:

• You cannot install any software (like the Rclone command line tool) on your device, but it has the OpenSSL command pre-installed
• You want to develop your own scripts for decryption or want to integrate decryption into your own software

Therefore, we generally recommend using Rclone based encryption unless you have specific requirements in your workflow that require using OpenSSL based encryption.

Technical comparison between Rclone and OpenSSL based encryption

Feature	Rclone Crypt	OpenSSL comptabile
Cryptographic Algorithm	NaCl SecretBox (XSalsa20 & Poly1305)	AES-256-CBC
Key Derivation Hash Function	scrypt (16384 iterations, not configurable)	PBKDF2 (600000 iterations, configurable). SHA256 and MD5 configurable as alternative
Authenticated Encryption (AE)	Yes	No
Encryption of File Names / Directory Names	Available (configurable)	No
Decryption without using PhotoSync	Convenient (use Rclone command line program to decrypt and also access NAS, cloud services)	Possible (OpenSSL command line utility)