How to transfer files securely

I was wondering how to transfer files between my computers wich both have qubes installed. At first i thought to use a usb but i saw that it is not quite secure. Any ideas?
I must stress it has to be secure :closed_lock_with_key:.

Could you be more specific about what threats you are concerned about? Why are USB devices not secure enough?

An encrypted USB device may do the trick and won’t involve third parties.

Otherwise syncthing works well, it’s end to end encrypted and you can run your own relays if you want, but by default the encrypted data pass through community operated relays. If they are on the same network, you would have to expose at least one syncthing to the network so it’s reachable by the other without using the remote relay.

Thanks :+1:.

They are pretty secure but if i am transferring a file to my computer and it is compromised it could theoretically be infected. I was hoping for something like a one way file sharing but nvm.

There is a topic about this but I’m not sure if you’ll be able to access it:

Yeah private

The analysis in this thread seems decent. I question the wisdom of placing more trust in communication with a large number of remote machines than a local device.

Depends do you want convenience or security. Local is probably the most secure if you are absolutely sure that it is not compromised in any way. But that applies to the remote machines as well.

What do you mean by compromised?

The USB device gets attached to sys-usb, and from there pass to a presumable disposable qube where you can copy the files to a vault.

It really shouldn’t matter if the original host was compromised.


The original question was for a method that is more secure than USB transfer. Using the networked system might be more convenient, but it is not more secure. Context matters.

Additionally, placing more value on convenience does not mean increasing trust in the convenient system. It means decreasing the amount of trust required before approving the use of a system.

Finally, the fact that anything can be theoretically compromised does not mean that all risks are equal. Attacking someone through a malicious USB device requires specific targeting and some sort of physical interaction. Transfers over a network require, for the most severe vulnerabilities, only a single compromised node in order to monitor or alter traffic going to any user.

1 Like

Also note that independently of how you transfer data from one domain to another, the recommendation against copying data from a less trusted domain to a more trusted domain still stands.

[…] one should keep in mind that performing a copy and paste operation from less trusted to more trusted qube is always potentially insecure […] (source)

Note: In Qubes OS context, domains, called qubes often correspond to virtual machines (VM) but they are not limited to that.

A secure compartment in Qubes OS. Currently, qubes are implemented as Xen VMs, but Qubes OS is independent of its underlying compartmentalization technology. VMs could be replaced with a different technology, and qubes would still be called “qubes.” (source)

If your USB drive or network are exposed to different threats than the qube at the source of your data, you may want to take that into account when deciding if you want that data to end up in the destination qube. Same thing as if you suspected that the source qube might be compromized (whatever the definition of compromized is in your context.) In other words: more than two qubes might be involved in a data transfer!

1 Like

Don’t forget that you can also use the Qubes backup tool, which also avoids the worry about copying from less-trusted to more-trusted domains, since it uses authenticated encryption.

1 Like

Note that’s for the intermediary (transfer) qubes, if the source qube of the data is less trustworthy than the destination, no amount of encryption or authentication will change that.

But this thread topic is precisely about how to transfer data, and this is an excellent point!

Yes, thanks for clarifying. What I meant is that it avoids the worry about the parts of the transfer between the two Qubes machines being less trusted. For example, if I have an untrusted USB drive, I can safely use the Qubes backup tool to move data from one Qubes machine to another by copying my Qubes backup onto that untrusted USB drive from one machine, then restoring from that Qubes backup on a different Qubes machine. This is because the Qubes backup/restore system is designed under the assumption that the storage location of the Qubes backup is untrusted.

However, after I’ve restored on the second machine, I (still) cannot safely move data from less-trusted to more-trusted qubes on that machine. In other words, you are correct that the fact that the data came from a Qubes backup doesn’t somehow magically make all of it “clean” or trusted after it’s restored.