Encryption of data in Dropbox

⇡ # Oh how many times repeated to the world …

… that confidential data can not be trusted by anyone. That's the other day a small scandal broke out around the Dropbox service, which previously assured users that their files are securely encrypted on servers and no one else can access them. Alas, in fact, the company's employees are only forbidden simply to view user data, and on the appropriate request from law enforcement and not very authorities Dropbox is ready to provide any files of any user. It all resulted in a lawsuit against the company. And in general, not for the first year, there are talks that the architecture of the service itself is not as reliable as it would seem. Even there are utilities that exploit, let's say, not quite obvious features of Dropbox. The project, which leads the previous link, by the way, was closed under the pressure of the company's lawyers. For the sake of justice it is worth noting that in the official "wiki" of the project there is a page with tips for improving the security of stored data.

One of them we'll use – encrypt your data in Dropbox with EncFS. EncFS is a virtual cryptographic file system. A folder with encrypted files, which we will store in Dropbox, is mounted in any other folder on the user's computer, where all data is presented in plaintext. That is, for the end user, working with files remains absolutely transparent. Encryption is carried out using keys AES or Blowfish, while the key itself is also stored in a protected directory, and the names of files and folders in it, if desired, turn into an unreadable abracadabra. Another advantage of EncFS is its easy extensibility, that is, there is no limit to the size of the "volume" both in the smaller and larger side.

For software that works in conjunction with Dropbox, it is equally important that, unlike, for example, cryptocontainers, if one file is changed, only it will be synchronized, and not the whole container. As a result, the synchronization rate increases noticeably. Finally, EncFS is cross-platform and runs on Windows, Linux and Mac OS X. We'll look at configuring the Dropbox + EncFS bindings on all three systems, but nobody prevents EncFS from adapting to encrypt any other data. Perhaps the only serious drawback is the inability to use mobile clients and the Dropbox web interface to work with encrypted folders.

⇡ # Configuring EncFS on Windows

To begin with, we agree that we already have Dropbox installed on all machines and in all operating systems. The easiest way to use encryption is to install the BoxCryptor utilities for Windows XP / Vista / 7. At the first start, it will detect the presence of Dropbox and offer to store the secret data in it. We agree, by clicking the Yes button.

Then the settings window opens, where you can change the location of the folder with encrypted data and where you need to specify the letter of the logical drive where EncFS will be mounted.

After that, you must enter the password twice to access the data. This completes the setup. You can work with a new virtual disk in the same way as with a regular one – copy files, edit them, create folders and so on. When you turn off the program, the volume will be automatically unmounted.

In the free version of BoxCryptor, you can create a logical volume of no more than two gigabytes, that is exactly as many as the default Dropbox provides.

At the moment BoxCryptor only supports AES 256-bit algorithm and can not encrypt file and folder names, and also does not support a number of other EncFS features. In principle, even the level of security provided by this utility should be enough for ordinary users.

Sample file before and after encryption

An alternative project without limits on the amount of encrypted data is called encfs4win. Like BoxCryptor, it uses the FUSE analogue under Windows Dokan (it will have to be downloaded and installed) to mount third-party FS. Download the archive with the program and unzip it, for example, in C: Program Files , and then run encfsw.exe. In the tray there will be an icon with a key, on which you should right-click and select the item Open / Create in the menu. If you already have an encrypted folder, you will need to specify the path to it, and then select the letter of the volume where EncFS will be mounted and enter the password.

Creating a new volume occurs in a similar way. Select Open / Create, specify the folder for encryption, select the drive letter and enter the password twice. Note that when you turn on Set paranoia mode, the newly created partition will not work with BoxCryptor. After adding or creating volumes in the same menu, items appear for quick mounting and unmounting volumes. In it, you can also tick the Start at login check box to enable encfs4win to start automatically when you log in.

⇡ # Configuring EncFS on Linux

For example, consider working with EncFS in Ubuntu 11.04 as in the most popular Linux distribution. The first step is to install the EncFS module and the useful utility Cryptkeeper. In the console (Applications → Standard → Terminal), enter the following command:

sudo apt-get install encfs cryptkeeper

Press Enter, enter the password from the account, press Enter again and agree (Y, Enter) with all the offers of the installer.

Now start Cryptkeeper directly, which is located in the Applications → System Utilities menu. In the notification area there will be an icon with two gray keys, by which you should right-click. If we already have an encrypted folder in the Dropbox, we need to select the "Import EncFS folder" item. The setup wizard starts. Choose our encrypted folder and click "Forward."

The next step is to select the folder where the EncFS volume will be mounted and where the files will be available in plaintext. In the "Name" field, specify the name of the virtual volume.

Click "Next" – this completes the setting.

The menu item Cryptkeeper now has an item for fast mounting of the EncFS volume.

Click on it, enter the password, and among the disks appears our coveted decrypted volume.

Creating a new EncFS volume is just as easy. In the same menu, click on the item "New encrypted folder". Use the wizard to select a folder or create a new one in the Dropbox directory that is in the home directory, and click Forward.

Double-enter the password and press "Next" again. All, now you can quickly mount a freshly created volume from the same Cryptkeeper menu.

⇡ # Configure EncFS on Mac OS X

On Mac OS X, the setup procedure is slightly more complex than in other operating systems. We will use the MacPorts ports system, but before that we will have to install the XCode development environment. In principle, it is not necessary to download the latest version of XCode, which, together with the SDK for iOS, is already painfully weighty. It's enough to get by version 3.2.1, whose dmg-images can easily be found on the Web. At installation it will be necessary to mark item UNIX Dev Support (Unix Development).

Then you need to install MacPorts by downloading the installer from here.

Now we need to start the terminal (Programs → Utilities) and execute a couple of commands in it. Please note that for correct operation of sudo, it is necessary that the administrator account has a password set. It may be necessary to install MacFUSE in addition, although it is included in MacPorts.

 sudo port -v selfupdate 
sudo port install encfs;

It will be necessary to wait for a while, until the necessary programs are assembled and installed. Create a folder at the same time anywhere on the disk (for example, in the home directory ~), where the decrypted data will be available. To mount EncFS in the terminal, execute the following command and enter the password.

encfs ~ / Dropbox / encrypted_folder / / unencrypted_folder / -ovolname = any_name_name

Exactly the same command creates a new EncFS volume. Unless you need to first create a folder in Dropbox for private data. Initially, you will be prompted to configure the EncFS settings. The easiest way is to select the Paranoia mode by typing p and pressing Enter. Again, with BoxCryptor this volume will not work. Then you must enter the password twice to encrypt the data.

This completes the setup. To unmount the EncFS volumes, enter the following command in the terminal:

umount / path / before / unencrypted / folder /

⇡ # Conclusion

As you can see, setting up encryption in Dropbox is not so difficult. However, we must understand that the cause of many security problems, as a rule, is the interlayer between the chair and the monitor, however rude it may sound. What is the use of a very strong password that is carefully copied to a sticker glued to the monitor? In general, be reasonable and do not trust storing important information to anyone or anything. And then your nerves will be smooth and silky.

If you notice an error – select it with the mouse and press CTRL + ENTER.

Leave a Reply