5 Ways To Securely Encrypt Your Files In The Cloud

The cloud is a convenient place to back up and store files, but you should hesitate before uploading that sensitive data, whether you’re using Dropbox, Google Drive, or SkyDrive. Sure, your files may be encrypted in transit and on the cloud provider’s servers, but the cloud storage company can decrypt them — and anyone that gets access to your account can view the files. Client-side encryption is an essential way to protect your important data without giving up on cloud storage.

Encryption does add some complexity, however. You can’t view the files in the cloud storage service’s web interface or easily share them. You’ll need your encryption tool to decrypt and access your files.

Encryption is ideal for sensitive files, but you don’t have to encrypt everything. Be sure to use a strong passphrase when setting up encryption, too.

Create A TrueCrypt Container

TrueCrypt is a do-it-yourself method of encryption. With TrueCrypt, you can create an encrypted file container and save it to your Dropbox folder. This file is a big, encrypted blob — no one can see the inside of it without your passphrase. TrueCrypt can mount the encrypted file container as a drive letter or folder on your computer. Files you place inside the special TrueCrypt drive or folder will be encrypted and stored inside the TrueCrypt file container in your Dropbox folder. Our guide to creating and mounting an encrypted file container with TrueCrypt will walk you through the process.

Why Dropbox? Good question. Dropbox can synchronize only the changed portions of large files, while Google Drive and SkyDrive can only synchronize entire files (as far as I can tell). This means that, if you have a 2GB TrueCrypt drive and change a small file in it, Dropbox will upload a small portion of the TrueCrypt file, while Google Drive and SkyDrive will re-upload the entire 2GB file. Some other cloud storage services may also offer delta uploads – be sure you choose one that does if you’re using a TrueCrypt volume.
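
To make the delta-upload point concrete, here is an added example (not part of the original article, and not Dropbox's or TrueCrypt's own code) that compares two versions of a container block by block, the way a delta-sync client would. The 4 MiB block size, the 512-byte sector size and the use of random bytes as a stand-in for ciphertext are assumptions made for the illustration.

```python
import hashlib
import os

BLOCK = 4 * 1024 * 1024   # assumption: sync client hashes files in 4 MiB blocks
SECTOR = 512              # assumption: volume ciphertext is rewritten per 512-byte sector

def fresh_container(size):
    """Constructed stand-in for a newly created container: it looks like random bytes."""
    return os.urandom(size)

def rewrite_sectors(container, first_sector, count):
    """Model saving a small file inside the mounted volume: only the touched
    sectors get new ciphertext (fresh random bytes stand in for it)."""
    start, end = first_sector * SECTOR, (first_sector + count) * SECTOR
    return container[:start] + os.urandom(end - start) + container[end:]

def block_hashes(data, block=BLOCK):
    """SHA-256 of every fixed-size block, the index a delta-sync client keeps."""
    return [hashlib.sha256(data[i:i + block]).digest()
            for i in range(0, len(data), block)]

def changed_blocks(old, new, block=BLOCK):
    """Indices of blocks that differ between two versions of the same file."""
    a, b = block_hashes(old, block), block_hashes(new, block)
    return [i for i in range(max(len(a), len(b)))
            if i >= len(a) or i >= len(b) or a[i] != b[i]]

def upload_report(old, new, block=BLOCK):
    """What a delta upload costs, and what the storage provider can observe."""
    idx = changed_blocks(old, new, block)
    # Byte ranges of the new version that have to be sent again.
    spans = [(i * block, min((i + 1) * block, len(new)))
             for i in idx if i * block < len(new)]
    return {
        "changed_blocks": idx,
        "changed_offsets": spans,
        "delta_upload_bytes": sum(end - start for start, end in spans),
        "full_upload_bytes": len(new),
    }

if __name__ == "__main__":
    v1 = fresh_container(8 * BLOCK)                        # 32 MiB container
    v2 = rewrite_sectors(v1, first_sector=20000, count=4)  # edit one small file
    print(upload_report(v1, v2))
    # A separately created container shares no blocks with the first one.
    print(len(changed_blocks(v1, fresh_container(8 * BLOCK))), "of 8 blocks differ")
```

The changed_offsets list is also what the storage provider sees of your activity: which regions of the container were rewritten, but not what was written there.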

For more information about TrueCrypt, check out our free TrueCrypt manual. We’ve also got a Dropbox cheat sheet and a Dropbox manual.

Use An App

BoxCryptor is an easy-to-use encryption solution. In spite of its name, you can use it with any cloud storage service, not just Dropbox. BoxCryptor creates a special subfolder in your cloud storage folder — in this folder, BoxCryptor stores encrypted versions of the files you add to a special BoxCryptor drive letter.

BoxCryptor also has mobile apps, allowing you to access your encrypted files on the go. The Android app supports Dropbox and Google Drive, with SkyDrive support on the way. The iOS app will also receive Google Drive and SkyDrive support in the future. The free version of BoxCryptor is limited to 2GB of encrypted files.

For more information, check out our full BoxCryptor walkthrough.

CloudFogger, which we’ve covered in the directory, and SecretSync are other, competing services which work similarly.

Switch To An Encrypted Service

All the other options here are ways of grafting client-side encryption onto a cloud storage service that doesn’t natively support it. Instead, you could opt for a cloud storage service that includes client-side encryption. SpiderOak and Wuala are good options. These services encrypt and decrypt your data locally – the services themselves have no idea what data you’re storing; they couldn’t view it if they wanted to.

Check out our full walkthrough of SpiderOak for more information. It’s a bit more complicated to set up than Dropbox and similar services, but it offers more flexibility – for example, you can synchronize any folder on your computer.

Encrypt Individual Files

If this all seems a bit much for you, you can just encrypt a handful of important files with a utility on your computer. You’ll need the utility to decrypt and access your encrypted files in the future. We’ve covered a variety of ways to easily and quickly encrypt files in the past, including creating an encrypted archive file.

Set Up EncFS On Linux

EncFS is an open-source option for Linux users. It’s exactly what it sounds like – an encrypted file system. It works similarly to BoxCryptor (in fact, it inspired BoxCryptor) – EncFS creates a special folder that contains encrypted versions of your files. EncFS transparently decrypts and provides access to these files in another folder. You work with your files in this folder, and EncFS stores the files in encrypted form in your cloud storage folder.

It’s a bit more complicated to set up, involving terminal commands. But, unlike the free version of BoxCryptor, it doesn’t limit the number of files you can encrypt. We’ve got a guide to setting up EncFS on your Linux system, if you’re interested.

Which encryption solution do you prefer – or do you not store sensitive data in the cloud? Leave a comment and let us know.

Image Credit: Cloud Computing Icon With Protection via Shutterstock

22 Comments

Esteban

Are you sure?

As far as I know, and as I understand it, Dropbox can’t upload only the “small changed part” of a TrueCrypt volume: That would imply that it is possible to tell what parts of a TrueCrypt volume had changed, where a file starts and ends, and that is impossible per se by the way the encryption is used by TrueCrypt.

You may want to clarify that, please!
If indeed it CAN be done, it would be great, but also it would be a breach to the encryption force (that’s the reason I think it can’t be done).

Best regards!

Rah Tkash

As far as I know, you are correct. Process of encryption (specifically that in TrueCrypt) changes entire encrypted data stream every time data is re-encrypted, with or without file changes.

So even same file, encrypted again with the same password, will have completely different data-stream; so files with any change should be different.

Just to be sure, ran some tests with TrueCrypt using default settings, and HxD hex editor for file comparison, results are:

Test 1:
2 identical files separated into 2 identical file containers that use the same settings and password – Outcome = Completely different file container data streams.

Test 2:
2 similar files separated into 2 identical file containers that use the same settings and password – Outcome = Completely different file container data streams.

Unless author used some other settings, I don’t think it’s possible.

Florin

The idea is that the container doesn’t change entirely. Only some areas in which the file was stored. Imagine what changing 1 byte in a 5 GB container would do to your storage device if that meant the *entire* container would be changed by TrueCrypt. Only the parts of the container that have been altered by you modifying that byte will be uploaded to DropBox. For small containers the effect is not directly visible, but try it with something like a 1 GB container and see what happens.

Rah Tkash

Upon retesting I confirm what you say is true with certain settings when using the same container.

In initial tests I used 2 separate containers with same settings and password, it’s this reason they had entirely different data streams – maybe due to the ‘random pool’ part of container creation.

Retesting by copy-pasting first created container then adding the same file to each, I noticed file comparison showed only small difference of data stream. I’m assuming this is because the file creation time will be slightly different for each file. I’ll retest and find out. Therefore, what you say is true, using those settings.

Thank you for the opportunity to learn something new. Hopefully there is method to do the opposite though, to change entire data stream based off even small change.

Florin

Changing the entire container for every update is in no way reasonable. When do you re-encode the container? After each and every disk write (which can consist of a few bytes)? Do you have any idea how long it would take if your container was a few GB or TB in size? How often would you re-upload it if it was stored on Dropbox?

Most important of all, why would you do this?

Chris Hoffman

Thanks for chiming in and helping clarify, Florin!

Florin is indeed correct, from what I understand. Dropbox can’t actually see what’s changed inside the container, but it sees that a small part of the container file has changed, and uploads the changed part of the file.

For example, if you have a 5 GB container and regularly modify a small text file on it, only a small portion of the container would change. Changing the entire container would require a lot of disk thrashing, slowness, and additional network usage.

I suppose that it would be possible for Dropbox to know that you’re only changing a small part of the container — but so what? What are they going to do with that information? I don’t think that really matters.

TMcGill

To the question of “does it matter,” it depends on the goal. If it is just keeping files fairly well-protected against your average person, this may be fine. But if you want real security, against analysis that, say, an agency of some government or professional cryptographers could do, this does matter. As I understand it, having access to multiple versions of a single, encrypted data blob with changes only to small parts of it (as Dropbox– or anyone who gains access to Dropbox’s data– would have), the encryption key always remaining the same (as it would in this case), dramatically reduces the security of your data, by making analysis possible that is not otherwise. For instance, learning where distinct files are located within the blob. Especially problematic if, by some means, it is possible to learn or guess some or all of the plaintext contents of the changed portion– even once, because this could lead to compromising the entire encrypted volume. Truecrypt on DropBox therefore seems to me to offer some protection, but not truly hard security. The Truecrypt documentation discusses this problem with regard to backups– without taking particular precautions, repeatedly backing up an encrypted volume as it changes over time can present the same sort of security risk. You would want to think carefully about this before using it for, say, running a dissident movement in a country that doesn’t like dissidents, or for holding classified documents, or for anything else that could come under attack from real cryptography experts.

Chris Hoffman

Wow, that’s a great point. I suppose I’ve been coming at this from a more consumer perspective — if all you want is to encrypt some financial documents, I don’t think using Truecrypt and Dropbox is a problem. No one’s going to target you when there are so many easier targets out there.

If you’re a dissident in an oppressive country though, that’s a good point — there are some issues there.

Ryk Pryk

Hello,

Thank you for the down-to-earth, practical and usable description of the tools for encryption of online data. I used truecrypt some years ago, now I downloaded its newer version. And paid 10 $ to its developer ;)! Long live open source.

Chris Hoffman

You’re welcome; thanks for supporting awesome software!

Mihovil Pletikos

would bitlocker work?

Chris Hoffman

I’m not sure! I looked into it and there isn’t much information, although some Dropbox users are having trouble with it: http://forums.dropbox.com/topic.php?id=11526

You could always try it yourself, but it doesn’t seem as supported as the other options.

venkatp16

Good article. I’m using TrueCrypt and other tools also very useful

Chris Hoffman

Truecrypt does seem to be the geek’s tool of choice, from the comments I’ve seen.

Jonathan Cross

Yes, have been using TrueCrypt for years… it’s good, Open and truly Free.
The encrypted file containers are reliable and can easily be used by any backup system on any major platform / cloud service. Think twice before entrusting your data to a profit-motivated company (even if it’s a few clicks easier to use on Windows). Assuming their intentions are 100% pure, who knows what bugs lie in their software or if they will still be supporting it 5 years from now?

Open Source software can live on long after the original developers get bored, move on or die even — just need a passionate nerd somewhere on earth to revive for whatever computers exist in the future.

Chris Hoffman

BoxCryptor is a pretty front-end to EncFS, so I believe it may be possible to access things encrypted with BoxCryptor with EncFS tools.

Even if it’s not open-source, sticking to open formats helps.

Usman Mubashir

great

IMHO

I have a thought which may be simplistic so feedback would be welcome. A caveat is that I recognise that any data deposited in the cloud is subject to the privacy controls, assurances and contractual agreements from the provider. Just as that provider is subject to the publicly declared and also secret governance of its domain of residence and domains in which it has servers situated (however they are dispersed).

My simplistic thought is that once any data is lodged as content on ‘cloud storage’ it is then also liable to access by ‘cloud processing’. This means that ANYONE accessing it, be it deemed legally or illegally, is likely to also have access to many dispersed computing cycles made voluntarily or involuntarily accessible. Encryption that seems challenging to a single/multiple processing unit may therefore be quite trivial to an attack using such dispersed resources. For me this dramatically increases the threat of decryption.

Quinn Haine

I use passworded 7zip files for personal info. I wonder if there’s a cloud service out there that lets you put a password on individual files…

Chris Hoffman

Would have to be a fully encrypted service. The great thing about password-protecting your own files is that the service itself can’t access them, so you’re 100% sure that they don’t have a backdoor into your data.

This can help if someone breaks into your account, etc.

KachadorianConsult

Thank you so much for this great article. We are a small business struggling with the best way to deal with data security while still maintaining the flexibility of cloud storage. There are so many advertisements, but we really hit a gem when we came across this article. Thank you for summarizing the key options for us!

Hitesh Tewari

You may be interested in taking a look at http://www.cipherdocs.com. A real-time encryption and collaboration preserving technology for Cloud Documents, with mobile keychain functionality. The following videos provide an overview of the technology in action:

CipherDocs Demo – http://www.youtube.com/watch?v=CVIthlM7P3Q&feature=plcp

CipherDocs Secure Sharing Demo – http://www.youtube.com/watch?v=FTHCQfUHyfc&feature=plcp

Best Regards,
Hitesh Tewari
