EncFS Reverse Mode
The EncFS reverse mode stores clear text files and uses a virtual mount point to present encrypted translations of the files.
On the clear text side ( seetableonthepreviouspage), Syncthing creates the .stfolder in the clear text directory where real data is stored, so the clear text Syncthing peer group on the bridge computer will always operate whether or not EncFS is presenting encrypted files to the other side. This is okay no matter if the sync root and encfs root are the same or whether one is nested inside the other.
For the encrypted side virtual directory, if sync root is below EncFS root and EncFS stops, then the sync folder will vanish and you’ll see a “folder missing” error from Syncthing. This could be fine because
Syncthing will resume when EncFS resumes. However, with different relationships between root directories, there are problems. If EncFS and Syncthing have the same root directory, when EncFS runs, it will take over the mount point and make visible only encrypted versions of files at the mount point. Syncthing won’t see any .stfolder in the underlying mount and will enter “Stopped” status, which isn’t desired. If you try to create .stfolder after EncFS is running, you’ll get a file creation “Input/Output” error because
.stfolder can’t be unencrypted. If sync root is above EncFS root, the .stfolder will always be present in the sync root, whether or not EncFS is making all the encrypted files visible in a subdirectory. If the offsite Syncthing peer group synchronises while EncFS isn’t running, the absence of the encrypted files will be propagated through all your off-site backup sites (aka delete all files), which is not what you want!
This unwanted behaviour is summarised in the previous table.