EncFS Cloud Storage Encryption Tutorial | Encrypting DropboxCategory: cloud
A 4 Minute Read
05 Jan 2014
Support The Tin Hat on Patreon! Just one dollar makes all the difference in helping me write more content!
In the past few years there has been a massive push by marketers to try and get us to buy into "The Cloud". Services such as Dropbox, Skydrive, and Google Drive have become nearly ubiquitous, as their convenience for easy file backup and sharing among multiple devices is unmatched. Even changes to files can be automatically saved, with a history of revisions just in case you accidentally save an unwanted change.
Recently, these services have come under question as people start to become more concerned about organizations like the NSA spying in on their data, and rightfully so. With recent scares of Dropbox reading your data, and, well, everybody's compliance with NSA backdoors, some are moving off this supposedly magical cloud.
But what do we do if we want to stay on the cloud, we just don't want our data to be read? Luckily, there's a tool for that.
EncFS is an encryption suite that has two specific characteristics that make it well suited for encrypting cloud storage. The first is that it protects files individually. Other solutions, such as Veracrypt, suffer from the problem of not synchronizing with the server when changes are made. Fortunately, EncFS’s individual file encryption results in every change you make to a file being recognized by the cloud software (ie Dropbox) and uploaded.
The second characteristic of EncFS is its variable file sizes. This means that if you upload a 1 megabyte picture, then you only upload a 1 megabyte picture. If later you increase the size of this very same picture to 5 megabytes, then everything adjusts accordingly. Veracrypt, on the other hand, has significant limitations in this regard, leading to not only more hassel but also wasted space on your cloud account.
It should be noted that EncFS is NOT the only secure method of protecting cloud data, nor is it necessarily the most secure. Services such as Spideroak have strong privacy claims, and may be more seamless than this method, while services such as Veracrypt may be stronger cryptographically, but are clunky to say the least. What EncFS offers is a fair compromise between convenience and security.
For Linux Users:
So how does one go about obtaining EncFS? Like many things, this depends on your operating system. For Linux users, look in your repositories as it should be there. Debian users can just type in
sudo apt-get install encfs. This installs the basic command line functionality of it, however a front-end GUI can make the process a lot simpler. For this reason, I also recommend getting a package called Cryptkeeper using
sudo apt-get install cryptkeeper. To set everything up, just click the Cryptkeeper icon, and then go to "New Encrypted Folder". After the dialogue box pops up, create a new folder inside of your cloud storage folder. For example, if you use Dropbox, then just create a folder inside of your Dropbox. Once you've set a secure password you're pretty much done. Unlocking the encrypted folder involves just clicking the Cryptkeeper icon, then clicking the folder you want to decrypt and typing in your password. Cryptkeeper usually mounts the decrypted folder right beside the encrypted one. To check this, go to your cloud storage folder and enable the viewing of "hidden files". Cryptkeeper keeps your encrypted folder hidden by putting a period in front of the name. The decrypted folder should appear right next to it, but without the period. It is in the decrypted folder that you'll want to put your files into.
For Windows Users:Windows users have a couple of options: an experimental port of EncFS from Linux to Windows, or a tool called Boxcryptor. I'd recommend Boxcryptor. Currently, there are two versions of Boxcryptor: Boxcryptor Classic, and the new Boxcryptor. Boxcryptor Classic is built on EncFS and is fully compatible, so grab that version off their website. Setting up Boxcryptor is fairly easy, you just need to install it and then link it to your cloud storage account. From there, it will set up an encrypted folder that will house all the files you want to protect. A very important thing to note is that you shouldn't put files into this folder. Instead, Boxcryptor will mount it, meaning that it will appear as a drive, the same way that a USB flash-drive does! It is in this drive that you want to put all your data. Once you've put a few files into it, try going back to your main cloud storage folder (i.e Dropbox), and take a look at your encrypted folder (encrypted.bc in my case). Try opening one of the files inside of it. You'll notice that they don't work. This is because they're encrypted. Going back to the drive that Boxcryptor appears as will let you open the file and have it work because it is decrypted.
One of the main advantages of cloud storage is that you can quickly download a file on your mobile device. But now that your files are encrypted, you're going to have to get an app to decrypt them! Luckily these exist as well. If you did use the Boxcryptor method then just go and download the Boxcryptor Classic app. This will link up to your cloud storage and decrypt everything on the fly. If you went the EncFS/Linux route, then go download an app called Cryptonite. >Cryptonite is an EncFS decrypter for Android, which should allow you to encrypt and decrypt whatever you want on your Android phone.
So now your cloud storage is encrypted! It's pretty much safe against most threats and should settle any fears of cloud storage for most users. Of course, if you have something major to hide, just get off the cloud. The rest of us, however, can go on using the cloud safely and conveniently!