
Dropbox is great, but the data is not encrypted on your computer (you can read more about this here). There are various ways to encrypt some private files in your Dropbox folder: you can use Truecrypt, EncFS, etc.

This article was written due to recent Dropbox security concerns, but it's not just for Dropbox: the instructions below can be used with any similar service.

- Truecrypt is great, but to use it with Dropbox you must manually unmount the filesystem to get it to sync, which is kind of against the whole Dropbox idea. For those who don't mind having to manually unmount the filesystem to get it to sync, this is probably a better solution (because Truecrypt is very easy to set up on any OS: Linux, Windows or Mac).

- SecretSync is a new tool to encrypt some files in your Dropbox folder. While it works great and is cross-platform (Update: SecretSync is now Viivo and it's not available for Linux any more), it's no different than Dropbox because the encryption keys are not stored on your computer but on their server. But of course, it does add an extra security layer so you can check this out too!

So the best way to encrypt your Dropbox files is probably using EncFS. EncFS is very easy to configure and doesn't require manually mounting or unmounting the filesystem.

Some encrypted files from my Dropbox ".encrypted" folder (even the filenames are encrypted)

EncFS works on Linux as well as Mac through macfuse or Windows using BoxCryptor. There might be other ways of getting it to work under Windows but I don't use Windows so you're on your own here.

To be able to access some files from your Android phone, etc., you can encrypt only your private files and leave the others unencrypted. That's what I'll be doing in the instructions below, but if you want, you can of course encrypt your whole Dropbox folder.


Here's how this works:

- files under ~/Dropbox/.encrypted are encrypted
- files under ~/Private are not encrypted

You place the private files you want to sync in the ~/Private folder and they are then automatically encrypted under ~/Dropbox/.encrypted and synced with Dropbox.

Screenshot (Dropbox encrypted folder): the files on the left (under ~/Dropbox/.encrypted/) are the encrypted version of the files on the right (which are under ~/Private).


Even though there are 2 folders, only the encrypted files are stored on your disk and when you access the plaintext files in EncFS, the files are decrypted (or encrypted) on-the-fly. So you won't need extra disk space for this.

(thanks to Robert Freudenreich - the BoxCryptor developer - for this info)

Update: Before using EncFS, see THIS security audit. Hopefully a new EncFS version will be released soon.



Set up an EncFS folder and sync it with Dropbox (in Linux w/ GNOME)


1. Install EncFS:
sudo apt-get install encfs


2. To create a new encrypted volume, run:
encfs ~/Dropbox/.encrypted ~/Private

And follow the instructions. Selecting "p" should be enough ("pre-configured paranoia mode") but if you know what you're doing, you can of course select the advanced mode.

If you've used different folder names, adapt the command above to your folders.


3. Now let's use GNOME-EncFS to store the password in the keyring and automatically mount the encrypted folder at startup.

Update: instead of the GNOME-EncFS tool, you can also use CryptFolder Indicator or GNOME EncFS Manager.

Download GNOME-EncFS, extract it somewhere (let's say in your home directory), rename its folder to "gnome-encfs" (so it's easier to follow the instructions below) and use a terminal to navigate to its directory. If you've renamed the folder like I said and placed it in your home directory, use the following command:
cd ~/gnome-encfs

Now to install it, run:
sudo install gnome-encfs /usr/local/bin

And finally, run:
gnome-encfs -a ~/Dropbox/.encrypted ~/Private

Again, replacing the paths with whatever folders you've used. This command will ask for your EncFS password and if you want it to mount at login - make sure you select "yes".

And you're done. Now the files you place in the ~/Private folder will be mirrored under ~/Dropbox/.encrypted, synchronized and encrypted.


For your 2nd, 3rd, etc. computer running Ubuntu, follow this step again (only step 3 - to install gnome-encfs and mount the encrypted folder). For Windows you can use BoxCryptor, and macfuse for Mac. Unfortunately I don't use Windows or Mac so I can't help you configure them.



Optional: exclude the EncFS key from being synced


You can set Dropbox not to sync your EncFS key if you want. But by doing this, you'll have to manually copy the key into the ~/Dropbox/.encrypted folder on your 2nd, 3rd, etc. computer.

1. Copy the key from ~/Dropbox/.encrypted folder somewhere safe. The key is called ".encfs6.xml" and is a hidden file so press CTRL + H to see it.

2. Run the following command to get Dropbox to ignore your EncFS key:
dropbox exclude add ~/Dropbox/.encrypted/.encfs6.xml

In my test, the ~/Dropbox/.encrypted/.encfs6.xml file was deleted after running the above command, but since you've copied it somewhere else (step 1), you can now copy the ".encfs6.xml" file back to ~/Dropbox/.encrypted/.

3. Open the Dropbox site and delete the .encrypted/.encfs6.xml file.
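
A quick way to sanity-check the folder layout and the key handling described above, on the first machine or on a 2nd or 3rd one where the key had to be copied by hand. This is an added example, not part of the original article or of EncFS/Dropbox; the function names and exit codes are hypothetical, and only the ".encfs6.xml" file name and the folder roles come from the article:

```shell
#!/bin/sh
# Added example: sanity-check an EncFS + Dropbox layout like the one in this article.
# Function names and exit codes are hypothetical, not part of EncFS or Dropbox.

# Print the canonical absolute path of an existing directory.
canon() { (cd -- "$1" 2>/dev/null && pwd -P); }

# Succeeds if path $1 is equal to, or located inside, directory $2.
is_inside() {
    case "$1/" in
        "$2/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_layout DROPBOX_DIR ENCRYPTED_DIR PLAINTEXT_DIR [KEY_BACKUP]
# Returns: 0 ok, 1 a directory is missing, 2 encrypted dir is not synced,
#          3 plaintext dir would be synced, 4 .encfs6.xml is missing,
#          5 the backup differs from the key file in use.
check_layout() {
    dropbox=$(canon "$1") || return 1
    enc=$(canon "$2") || return 1
    plain=$(canon "$3") || return 1
    is_inside "$enc" "$dropbox" || return 2
    # The decrypted view (~/Private) must stay outside the synced tree.
    if is_inside "$plain" "$dropbox"; then return 3; fi
    # Without .encfs6.xml the volume cannot be mounted on this machine.
    [ -f "$enc/.encfs6.xml" ] || return 4
    # Optional: confirm the safe copy from step 1 matches the file in use.
    if [ -n "${4:-}" ]; then
        cmp -s "$enc/.encfs6.xml" "$4" || return 5
    fi
    return 0
}

# Run as: sh check.sh ~/Dropbox ~/Dropbox/.encrypted ~/Private [key-backup]
if [ "$#" -ge 3 ]; then
    check_layout "$@"; rc=$?
    echo "check_layout exit code: $rc"
    exit "$rc"
fi
```

Exit code 4 is the one to expect on a new computer after excluding the key from sync, until ".encfs6.xml" has been copied into the encrypted folder.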


Update: also see -> how to access EncFS Dropbox folders on Android (these instructions should work for Windows too).


Post inspired by: