Encrypting Dropbox content with EncFS
Everybody uses cloud storage systems like Dropbox. I also use it. I like to store files like PDF’s on a place where I can easily access them from my smartphone or my tablet. But the problem that there is no data security with this cloud solutions bothers me. Thats why I recently had the idea to encrypt the files I store in my dropbox.
My requirements are that I can use the Dropbox on my Notebook (Linux: Ubuntu) and on my Android devices. That brought me to EncFS, because its very easy to use on linux systems (natively) and there are Android Apps available to decrypt it.
The setup of EncFS is very easy on Linux. On Ubuntu use apt-get to install it first:
Now I setup an encrypted Folder for my Dropbox. EncFS uses a mirrored unencrypted local folder. Every file you put into this folder will be encrypted to the ‘encrypted’ Folder.
Important: Never directly store a file into the encrypted folder. It will not be encrypted and synchronized to your Dropbox.
To setup the folder I use the following command:
The ‘~/Dropbox/.encrypted’ folder will be my encrypted folder inside the Dropbox. The ‘~/DropboxSecure’ folder is the unencrypted folder where I have to save my files.
Now EncFS will ask for a setup mode:
I used the expert configuration to see what the different settings are. Here a summary of my configuration:
That’s it. The folder is now set up.
Mount EncFS folder permanently
Your folder which is now mounted, will not be mounted permanently. After a reboot you have to mount it again! It’s not that difficult, you just have to call this command again:
This time you call it, it will just ask you for your password and that’s it.
I like that this is done automatically each time I boot my laptop. For that reason I wrote a small script that mounts the folder automatically. For that case you have to store your password somewhere. I just wrote it to a text file. I know this could be another security problem, but if it’s only located on my machine and can not be uploaded to the dropbox it is okay for me at the moment.
Basically you have to make sure this command is called at boot time:
I added it to my login script.
Now I can store any file to my DropboxSecure folder…:
… and it will be stored encrypted to my Dropbox folder:
Access files on Android
As I sad at the beginning, I want to access my Files from my Android devices. There are different Apps which can decrypt an EncFS volume, you can search for them. I used Encdroid, which you can find in the play store: https://play.google.com/store/apps/details?id=org.mrpdaemon.android.encdroid
When you have started the app you can link the app with your Dropbox Account under the settings menu “Accounts”. Then you can import the volume with the “Import Volume” Menu:
Now open the volume, enter the password, and you can access your files:
With EncFS it’s very easy to create an encrypted folder under linux an sync it with your dropbox. Also the access from Android devices is done quickly.
Unfortunately there are some security issues. While I wrote this post I found a Report of a Security Audit of EncFS. They say that there are security problems if multiple snapshots of your encrypted file are available. This could be a problem because of course I will save multiple versions of my files into my dropbox.
But in the short time I had, I could not find another solution which also works with my Linux/Android setup that easy. I have to make some further investigation later if there are better (more secure) solutions.
Ideas are welcome. How do you do it?