
How to Setup Encryption on Synology NAS

Protecting your private data is very important. Synology also cares about your data. So, every Synology NAS unit has built-in support for data encryption. Synology supports 256-bit AES (Advanced Encryption Standard) data encryption. In this encryption method, your data is stored on the shared folders in an encrypted format with a set of encryption keys. 256-bit AES encryption allows the Synology NAS to block all unauthorized access attempts on your encrypted data.

This article will show you how to create an encrypted shared folder, set up encryption on an existing shared folder, mount and unmount encrypted shared folder, automatically mount encrypted shared folders, and access encrypted shared folders on your Synology NAS. So, let’s get started.

Creating an Encrypted Shared Folder:

To create an encrypted shared folder, click on the Control Panel app icon from the Synology Web management interface as marked in the screenshot below.

The Control Panel app should be opened.

Click on Shared Folder as marked in the screenshot below.

Click on Create as marked in the screenshot below.

Click on Create.

The Shared Folder Creation Wizard should be opened. You can create a new shared folder from here.

Type in a name for the shared folder. I will call it encrypted_share in this article.

Select a volume that you want the shared folder to use from the Location dropdown menu as marked in the screenshot below.

Once you’re done, click on Next.

You can configure encryption from here.

Check the Encrypt this shared folder checkbox to enable encryption for this shared folder.

Now, type in an encryption key or password and click on Next.

NOTE: Make sure that you don’t forget the encryption key or password. If you do forget it, all of your important data will be lost forever.

You can enable data checksum, file compression, and shared folder quota for this shared folder from here.

All of these are optional. So, you can leave them as they are if you want.

Once you’re done, click on Next.

The settings for the new shared folder will be displayed, as you can see in the screenshot below.

To create a shared folder with these settings, click on Apply.

Click on Yes.

An encrypted shared folder encrypted_share is being created. It may take a few seconds to complete.

Your browser should prompt you to save the encryption key file of the shared folder.

Navigate to a safe location on your computer and click on Save to save the encryption key file of the shared folder.

Your browser should download the encryption key file and save it to your desired location on your computer.

Now, set Read/Write permissions for the users that you want to allow access to the encrypted shared folder and click on OK.

The encrypted shared folder encrypted_share should be created, as you can see in the screenshot below.

Encrypting Unencrypted Shared Folders:

You can also encrypt a shared folder that you’ve already created without encryption.

To encrypt an existing shared folder, navigate to the Shared Folder section of the Control Panel app.

Select the shared folder you want to encrypt, and click on Edit as marked in the screenshot below.

Navigate to the Encryption tab as marked in the screenshot below.

Check the Encrypt this shared folder checkbox as marked in the screenshot below.

Type in an encryption key or password and click on OK.

NOTE: Make sure that you don’t forget the encryption key or password. If you do forget it, all of your important data will be lost forever.

The files that are already in the shared folder will have to be encrypted as well.

To confirm the encrypt operation, click on Yes.

Click on Yes.

The shared folder is being encrypted. It may take a while to complete depending on how much data you already have on this shared folder.

Once the shared folder is encrypted, your browser should prompt you to save the encryption key file of the shared folder.

Navigate to a safe location on your computer and click on Save to save the encryption key file of the shared folder.

Your browser should download the encryption key file and save it to your desired location on your computer.

The shared folder should be encrypted, as you can see in the screenshot below.

Mounting and Unmounting Encrypted Shared Folders:

If an encrypted shared folder is not mounted, you should see a lock symbol in the shared folder.

If an encrypted shared folder is mounted, you should see an unlock symbol in the shared folder.

The encrypted shared folders encrypted_share and Projects are not mounted, as shown in the screenshot below. To mount an encrypted shared folder, you must unlock it.

To mount an encrypted shared folder, select it and click on Encryption > Mount as marked in the screenshot below.

You can mount the encrypted shared folder using either the encryption key or password, or the encryption key file you’ve downloaded on your computer.

Once you’ve typed in the encryption key or password or selected the encryption key file from your computer, click on OK.

I will use the encryption key or password to mount the shared folder in this article.

The encrypted shared folder should be mounted, as you can see in the screenshot below.

Now, let’s see how to unmount an encrypted shared folder.

To demonstrate how to unmount an encrypted shared folder, I have mounted the Projects encrypted shared folder in this article.

To unmount the Projects encrypted shared folder, select it and click on Encryption > Unmount as marked in the screenshot below.

To confirm the unmount operation, click on Yes as marked in the screenshot below.

The Projects encrypted shared folder should be unmounted, as you can see in the screenshot below.

Automatically Mounting Encrypted Shared Folders:

By default, encrypted shared folders will not be automatically mounted. You will have to manually mount the encrypted shared folders using the respective encryption key or password or encryption key file.

You can configure your Synology NAS to automatically mount the encrypted shared folders if you want.

To mount the encrypted shared folders automatically, navigate to the Shared Folder section of the Control Panel app as marked in the screenshot below.

Click on Action > Key Manager as marked in the screenshot below.

If you’re accessing the Key Manager for the first time, you may see the following window. Just click on OK.

The Key Manager window should be opened.

Click on Add.

The Add Key window should be opened. You can add an encrypted shared folder and its encryption key to the Key Manager from here. This way, the shared folder will be automatically mounted the next time you boot your Synology NAS.

Select the encrypted shared folder that you want to mount automatically from the Shared Folder dropdown menu as marked in the screenshot below.

Now, you have to type in the encryption key or password or select the encryption key file of your selected encrypted shared folder in the Encryption Key section as marked in the screenshot below.

Once you’re done, click on OK.

Your desired encrypted shared folder and its encryption key should be added to the Key Manager, as you can see in the screenshot below.

To automatically mount the encrypted shared folder that you’ve added to the Key Manager, check the Mount on Boot checkbox of that encrypted shared folder as marked in the screenshot below.

Once you’re done, click on OK.

As you can see, I have 2 encrypted shared folders encrypted_share and Projects. I have configured the encrypted shared folder encrypted_share to automatically mount on boot. The Projects encrypted shared folder is not configured to mount at boot time automatically.

Let’s restart the Synology NAS and see what happens.

To restart the Synology NAS, click on the profile icon at the top-right corner of the Synology Web management interface and click on Restart as marked in the screenshot below.

To confirm the restart operation, click on Yes.

Your Synology NAS should restart. It may take a while to complete.

Once your Synology NAS boots, you should see that the encrypted shared folder you have configured to mount automatically at boot time is mounted.

In my case, the encrypted_share shared folder is mounted automatically at boot time, as you can see in the screenshot below.

The Projects encrypted shared folder is not mounted, as you can see in the screenshot below.
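A share set to Mount on Boot is unlocked after every restart without anyone typing the key, so it is worth checking from the command line that only the shares you intended are mounted. The script below is an added example, not part of the original article: it assumes SSH access to the NAS and that DSM mounts an encrypted shared folder as an eCryptfs filesystem at /volumeN/<share>; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Assumption: DSM mounts an encrypted
# shared folder as an eCryptfs filesystem at /volumeN/<share>.
# Share names containing spaces are not handled.

# Constructed sample in /proc/mounts format, matching the article's end state:
# encrypted_share is mounted on boot, Projects is not.
sample_mounts() {
    cat <<'EOF'
/dev/md0 / ext4 rw,relatime 0 0
/dev/mapper/vg1-volume_1 /volume1 btrfs rw,relatime 0 0
/volume1/@encrypted_share@ /volume1/encrypted_share ecryptfs rw,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=32 0 0
EOF
}

# list_mounted_encrypted [MOUNTS_FILE]: one share name per eCryptfs mount.
list_mounted_encrypted() {
    awk '$3 == "ecryptfs" { n = split($2, p, "/"); print p[n] }' \
        "${1:-/proc/mounts}" | sort
}

# audit_mounts MOUNTS_FILE [EXPECTED_SHARE...]
# EXPECTED_SHARE = shares that should be mounted (the Mount on Boot ones).
# Prints UNEXPECTED/MISSING lines and returns 1 on any deviation.
audit_mounts() {
    mounts_file=$1; shift
    mounted=$(list_mounted_encrypted "$mounts_file")
    rc=0
    for s in $mounted; do
        case " $* " in
            *" $s "*) ;;                          # mounted and expected
            *) echo "UNEXPECTED $s"; rc=1 ;;      # unlocked but not expected
        esac
    done
    for s in "$@"; do
        echo "$mounted" | grep -qxF -- "$s" || { echo "MISSING $s"; rc=1; }
    done
    return $rc
}

# Demo on the constructed sample; on the NAS itself run:
#   audit_mounts /proc/mounts encrypted_share
tmp=$(mktemp)
sample_mounts > "$tmp"
audit_mounts "$tmp" encrypted_share && echo "OK: only the expected shares are mounted"
rm -f "$tmp"
```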

Accessing Encrypted Shared Folders:

You can access the mounted encrypted shared folders from the File Station app just the same way as you access unencrypted shared folders, as you can see in the screenshot below.

Exporting Encryption Key of Encrypted Shared Folders:

If you’ve lost the encryption key file and you feel like you need to keep a backup of the encryption key file just in case you forget the encryption key or password, then this section is for you.

To export the encryption key of an encrypted shared folder, navigate to the Shared Folder section of the Control Panel app as marked in the screenshot below.

Now, make sure that the encrypted shared folder you want to export the encryption key file of is mounted.

I will export the encryption key file of the encrypted shared folder encrypted_share, and it’s mounted, as you can see in the screenshot below.

Now, select the mounted encrypted shared folder and click on Encryption > Export key as marked in the screenshot below.

Type in the encryption key or password of that encrypted shared folder and click on OK.

Your browser should prompt you to save the encryption key file of the shared folder.

Navigate to a safe location on your computer and click on Save to save the encryption key of the shared folder.

Your browser should download the encryption key file and save it to your desired location on your computer.

Conclusion:

This article has shown you how to create an encrypted shared folder and encrypt an existing shared folder. I have also shown you how to mount and unmount an encrypted shared folder. I have shown you how to configure the Synology NAS to automatically mount an encrypted shared folder as well.

About the author

Shahriar Shovon
