26 April 2013

398. Securing your Dropbox with encfs

Quite some time ago I made a post about how to use truecrypt and dropbox together. It wasn't a very elegant solution as it consisted of putting a truecrypt container in the dropbox folder.

Apart from being pretty obvious, it suffers from drawbacks, such as the fixed size of the truecrypt container taking up space whether you're using it all or not.

[Note that mounting the dropbox folder inside a truecrypt container isn't a real solution either since it won't actually encrypt anything.]

Playing around with encfs made me realise that THIS is the perfect solution for secure Dropbox.

We'll make the assumption that you don't want to encrypt everything in your dropbox, but only things which are kept in a specific folder.

I'm presuming that you've got dropbox set up and working. If not, get the deb files from https://www.dropbox.com/

If you're having issues, make sure that fuse is installed, and that you belong to the group fuse (to add, do sudo usermod -a -G fuse $USER. To check, do cat /etc/group|grep fuse)

Getting started:

sudo apt-get install encfs
mkdir ~/Dropbox/encrypted
encfs ~/Dropbox/encrypted ~/decrypted
The directory "/home/me/decrypted" does not exist. Should it be created? (y,n) Y
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p
Paranoia configuration selected.
Configuration finished. The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.
-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled. This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail. For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.
Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism. However, the password can be changed
later using encfsctl.
New Encfs Password:
Verify Encfs Password:
Put the files you want to be encrypted in ~/decrypted -- NOT ~/Dropbox/encrypted. Once you're done, unmount ~/decrypted:
sudo umount ~/decrypted


When you want to access your encrypted files or add more files to the encrypted file, just mount ~/Dropbox/encrypted using encfs:
encfs ~/Dropbox/encrypted ~/decrypted/
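
The workflow above only protects files if ~/decrypted is actually mounted when you write to it; after the umount it is an ordinary directory and anything saved there stays as plaintext on the local disk. The following is an added example, not part of the original post: a small guard that checks the mount table before copying. The function names and the MOUNTS_FILE variable are hypothetical, and it assumes a Linux mount table in which an encfs mount has the filesystem type fuse.encfs.

```shell
# Added example: refuse to copy files into the plaintext view unless it
# is a live encfs mount. Names below are hypothetical, not from the post.
# MOUNTS_FILE can be overridden so the check can be tried on sample data.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Succeeds only if directory $1 is currently an encfs FUSE mount point.
is_encfs_mounted() {
    local target="${1%/}" dev mnt fstype rest
    while read -r dev mnt fstype rest; do
        # The mount table escapes spaces in paths as \040; decode them.
        mnt=$(printf '%b' "$mnt")
        if [ "$mnt" = "$target" ] && [ "$fstype" = "fuse.encfs" ]; then
            return 0
        fi
    done < "$MOUNTS_FILE"
    return 1
}

# Usage: add_to_decrypted <plaintext_dir> <file>...
# Copies files into the plaintext view so encfs writes the ciphertext
# into the Dropbox folder; refuses if the view is not mounted.
add_to_decrypted() {
    local plain="${1%/}" f
    shift
    if ! is_encfs_mounted "$plain"; then
        echo "refusing: $plain is not an encfs mount, mount it with encfs first" >&2
        return 1
    fi
    for f in "$@"; do
        cp -- "$f" "$plain/" || return 2
    done
}
```

For the setup in this post the call would be add_to_decrypted ~/decrypted somefile, run after the encfs mount command.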
