…submitted by Matt… Here’s the actual question: If iFolder 2 encrypts the data, how does Netstorage get to it?
NOTE: This is about iFolder2. Do not confuse with iFolder3, which is a different beast altogether…
Just think about how it accesses other shares first; on *their* terms, right? Meaning, NetStorage is essentially a web-based client to standard communication protocol-based remote storage that has been defined by the administrator (ncp, samba, ssh). In that respect, it is no different for iFolder2.
However, since iFolder2 encrypts all data that is to be trasferred from the client, it requires a passphrase from the user/client to be used as the encryption/decryption key. The data is stored on the server in this encrypted state.
NetStorage uses the credential of the user currently logged-in to the web interface to retrieve the passphrase for the iFolder2 store from the directory. The passphrase is encrypted and stored in the “xTier-iFolderPassphrase” attribute. It is initially set by the user in the NetStorage interface, and there is no default value.
All this behind-the-scenes magic allows the user to access their iFolder2 data (decrypted) via the NetStorage web interface just like any other defined data store in NetStorage. The beauty here is that the data remains encrypted right up to the presentation at the web interface. Then, you hopefully are using SSL/TLS while using NetStorage, and then your data is encrypted with the certificate all the way back to your browser.