Duple Documentation and Tutorials

Summary

What is Duple? How does it work?
How can you do it?
Can you explain a bit more?
Does it need your servers to function?
Is there any centralised server component required to run?
Doesn't the app rely on your server to "register" the location of my private cloud?
Is there a central service that handles anything?
What kind of encryption does it use?
Do you have per-file encryption at rest?
How does the encryption work?
How does it manage encryption keys?
What's the security like?
How can we be sure it's not opening our files to anyone who scans our network?
How do I access my data from my workstation when it's a USB connected to my router?
How does the USB reach the outside world since the router is running its own locked down software?
How do I connect to the storage if I have a dynamic IP?
Can you have multiple remote servers? or is each "node" equivalent?
Will the product support multiple storage points for both RAID and/or multiple folders?
How will the files be accessed outside the local network?
Are the nodes that sync peers? None of the nodes is a server as such?
Does this work with a vps?
Does it make off site backups at a friendly/secure location (ie. crashplan's P2P backup). Does this do this? Can you store the "repository" on another computer hosted by a friend (and vice versa)?

Q: What is Duple? How does it work?

A: Duple is a private cloud with a Client/Storage architecture, you just need the client app and a storage endpoint. It is like having a Dropbox client connected to a git repository. No Client/Server/Storage or Peer to Peer structure, just Client/Storage structure. It can be a simple USB hard drive, FTP, S3, etc... If you can access your repository folder, you can access your private cloud.

Our repository folder works like a git repository (meaning it is a content addressable storage using blob, tree and commits), but it is not compatible with git and has nothing to do with the git software. Everything was built from scratch. We didn't use the git repository format because it was not made to handle big files, but source code.

Q: How can you do it?

A: We’ve got a technology that does everything on the client side in the app, so the app handles everything from doing the commits, synchronising with all the other devices, making sure nobody writes to the Duple repository at the same time, etc. We’ve built a Dropbox without server, just plug any storage and it works.

This technology is made of 13K lines of code, test covered at 90%, regrouped in a C 89 library. To achieve this, we had to solve a lot of technical problems that nobody solved before (e.g. locking mechanism without server that can handle 25 simultaneous connections without breaking).

Q: Can you explain a bit more?

A: You have one repository folder and one folder Duple on each device where you can access your cloud. This Duple folder works like a Dropbox folder, and everything is synchronized in multidirectional way between all the devices (all the Duple folders) and the repository folder which contains the totality of the private cloud. On each device (where the app client is installed), you have to tell it how to connect to the repository folder. You can tell the app multiple ways to connect to the repository folder, so if one doesn't work, it will try another one until it succeeds. This allows it to be very flexible, wherever you are (local network, outside your home, storage plugged in USB, etc...).

However there is only one repository folder, which represents the private cloud, and one Duple folder per device which works like a Dropbox folder. The totality of the private cloud data is in the repository folder and partially or totally in each Duple folder depending on your device configuration. There is no server app, just a client app.

Duple is not P2P: your devices are connected to your repository, which means each device synchronises with it. So you won't lose your data, there's always a backup.

There is no server, just storage endpoints. We do not have peers or servers. Our model is Client/Storage, the client app is connected directly to a Duple repository containing the entirety of your cloud.

We're offering a private cloud. You can take a look at the list of functionalities here.

Q: Does it need your servers to function?

A: There is no data passing through our server, the app is directly connected to your storage, without going through us.

Q: Is there any centralised server component required to run?

A: No, there is no server app required. However you need to be able to access your storage, so it is better to have a NAS or a USB hard drive connected to your network. But it also works with a local USB storage or mounted shared folder.

Q: Doesn't the app rely on your server to "register" the location of my private cloud?

A: No, the app doesn't rely on servers to register the location of your private cloud. It doesn't communicate with our servers for anything (we don't have servers to do that anyway). You are 100 % autonomous, and also responsible for your infrastructure and storage. You add ways to connect to your storage into the app, and the app checks which one works and uses it.

Q: Is there a central service that handles anything?

A: There is no central service, clients only connect to a same shared folder. An internal algorithm handles the orchestration. If interested here's some documentation on it.

Q: What kind of encryption does it use?

A: The scheme we're thinking of using is End-to-End Encryption using Serpent for file encryption and chacha20 for the generation of the keys (one per element). This can evolve in the future.

Q: Do you have per-file encryption at rest? Meaning you don't have a giant sparse file container for the repository, but rather each file is transformed into an encrypted file.

A: Yes, the repository folder works like a blob storage, so each blob has its own key.

Q: How does the encryption work? If I backup to a little duple server at a friend’s house, would the files on their server be encrypted? If I then lost my computer would I be able to redownload those files remotely, or would it have to be physically connected to that server? And if I then get those encrypted files back, how does it get decrypted?

A: The encryption is end to end using a key file stored in the repository folder and in all the devices. This key file is protected by your password. There is no server. The files stored on the storage (in your friend’s house or elsewhere) are always end to end encrypted.
If you lose your computer, you can reconnect to your cloud and download your files again (they will be decrypted automatically on your new device) by (1) going physically to your storage at your friend's house (2) depending on how you configured your storage, you may just connect to it from distance using your user/password (3) if you enable the “easy connect” service (which will be implemented in a few months), you can reconnect to your cloud from anywhere, just with your user/password.

(Please note: E2EE is not yet implemented with the beta, it will be implemented soon)

Q: How does it manage encryption keys? Rotation? Invalidation? Re-encryption of files? Where does it reuse keys? Does each device have its own keychain? How are new devices added? How are files distributed securely?

A: The scheme (may be evolving in the future) is to use a lazy revocation key management. There is one key per element in the repository folder generated using chacha20. Each device has its own certificate, when you add one device the master certificate has to validate the new device's certificate and then send the encrypted encryption key using this certificate. Since it's E2EE, the file are distributed safely. We will release the encryption documentation when the feature is ready to explain in details how it works.

Q: What's the security like?

A: Security is SSH protocol + End-to-End Encryption (E2EE not in beta, it will be implemented soon).

Q: How can we be sure it's not opening our files to anyone who scans our network?

A: Because Duple is not compatible with unsecure connections. It only uses SSH, FTPS or S3 (coming soon).

Q: How do I access my data from my workstation when it's a USB connected to my router?

A: Because your router is connected to internet, the app uses FTPS to connect to it (so it's safe) and FTPS is available on both sides of the router (local network and internet interface). From a user experience point of view, it's the same as Dropbox.

Q: How does the USB reach the outside world since the router is running its own locked down software?

A: You connect to the USB key via FTPS. And every router runs on Linux where SSH is available.

Q: How do I connect to the storage if I have a dynamic IP?

A: You can configure a dynamic DNS name like dyn. You can add as many ways to connect to your storage as you need, the app will try each one until it finds one configuration that works. You can have one config with your local IP, another with your external IP, another with your dynamic DNS name, etc... We will have in the future our own dynamic DNS name service that will be included in the app price, so people don't have to pay for it with another company if they don't want to.

Q: Can you have multiple remote servers? or is each "node" equivalent?

A: Just to clarify, there is no server, just storage endpoints. At the moment only one storage endpoint per cloud is available. In the future we will have RAID functionalities that allows you to have multiple storage endpoints per cloud.

Q: Will the product support multiple storage points for both RAID and/or multiple folders?

A: Yes, but in the future, not right now.

Q: How will the files be accessed outside the local network?

A: From a user experience perspective, it doesn't change anything to be inside or outside your network. From a technical point of view, it depends how you configure your storage endpoint into the app. So you can have multiple connections: one when you are inside your local network, one when you are outside your local network, etc. You tell the app how to connect to the storage endpoint in the different cases. In the future we will have automatic configuration for the storage plug to the router, so configuring manually the connection will not be required anymore.

Q: Are the nodes that sync peers? None of the nodes is a server as such?

A: We do not have peers or servers. Our model is Client/Storage, the client app is connected directly to a Duple repository containing the entirety of your cloud.

Q: Does this work with a vps?

A: Yes it does. Works everywhere you can have SSH (SFTP), FTPS (FTP over TLS), or S3 (coming soon) access.

Q: Does it make off site backups at a friendly/secure location (ie. crashplan's P2P backup). Does this do this? Can you store the "repository" on another computer hosted by a friend (and vice versa)?

A: Yes.