5 Ways to Securely Encrypt Your Files in the Cloud

Chris Hoffman 25-05-2012

encrypt files cloudThe cloud is a convenient place to back up and store files, but you should hesitate before uploading that sensitive data, whether you’re using Dropbox, Google Drive, or SkyDrive Dropbox vs. Google Drive vs. OneDrive: Which Cloud Storage Is Best for You? Have you changed the way you think about cloud storage? The popular options of Dropbox, Google Drive, and OneDrive have been joined by others. We help you answer which cloud storage service should you use. Read More . Sure, your files may be encrypted in transit and on the cloud provider’s servers, but the cloud storage company can decrypt them — and anyone that gets access to your account can view the files. Client-side encryption is an essential way to protect your important data without giving up on cloud storage.


Encryption does add some complexity, however. You can’t view the files in the cloud storage service’s web interface or easily share them. You’ll need your encryption tool to decrypt and access your files.

Encryption is ideal for sensitive files, but you don’t have to encrypt everything. Be sure to use a strong passphrase How to Create a Strong Password That You Will Not Forget Do you know how to create and remember a good password? Here are some tips and tricks to maintain strong, separate passwords for all of your online accounts. Read More  when setting up encryption, too.

Create A TrueCrypt Container

TrueCrypt is a do-it-yourself method of encryption. With TrueCrypt, you can create an encrypted file container and save it to your Dropbox folder. This file is a big, encrypted blob — no one can see the inside of it without your passphrase. TrueCrypt can mount the encrypted file container as a drive letter or fodler on your computer. Files you place inside the special TrueCrypt drive or folder will be encrypted and stored inside the TrueCrypt file container in your Dropbox folder. Our guide to creating and mounting an encrypted file container with TrueCrypt How To Make Encrypted Folders Others Can't View with Truecrypt 7 Read More will walk you through the process.

encrypt files cloud

Why Dropbox? Good question. Dropbox can synchronize only the changed portions of large files, while Google Drive and SkyDrive can only synchronize entire files (as far as I can tell). This means that, if you have a 2GB TrueCrypt drive and change a small file in it, Dropbox will upload a small portion of the TrueCrypt file, while Google Drive and SkyDrive will re-upload the entire 2GB file. Some other cloud storage services may also offer delta uploads – be sure you choose one that does if you’re using a TrueCrypt volume.


For more information, check out our Dropbox cheat sheet Dropbox Tips Read More and Dropbox manual What Is Dropbox? The Unofficial Dropbox User Guide What is Dropbox and how do you use it? Our Dropbox user guide will explain everything you need to know to get started. Read More .

Use An App

BoxCryptor is an easy-to-use encryption solution. In spite of its name, you can use it with any cloud storage service, not just Dropbox. BoxCryptor creates a special subfolder in your cloud storage folder — in this folder, BoxCryptor stores encrypted versions of the files you add to a special BoxCryptor drive letter.

encrypt files cloud storage

BoxCryptor also has mobile apps, allowing you to access your encrypted files on the go. The Android app supports Dropbox and Google Drive, with SkyDrive support on the way. The iOS app will also receive Google Drive and SkyDrive support in the future. The free version of BoxCryptor is limited to 2GB of encrypted files.


encrypt files cloud storage

For more information, check out our full BoxCryptor walkthrough Encrypt Your Dropbox Files With BoxCryptor Dropbox is a great service, but its security track record is nothing to be proud of. We’ve previously written about encrypted alternatives to Dropbox, but let’s be honest -- Dropbox stands out among cloud storage... Read More .

CloudFogger, which we’ve covered in the directory Cloudfogger: A Desktop Application to Easily Encrypt Files Read More , and SecretSync are other, competing services which work similarly.

Switch To An Encrypted Service

All the other options here are ways of grafting client-side encryption onto a cloud storage service that doesn’t natively support it. Instead, you could opt for a cloud storage service that includes client-side encryption. SpiderOak and Wuala Secure Your Files: 3 Encrypted Dropbox Alternatives Dropbox brought cloud-based file synchronization and storage to the masses, but it's been hindered by high-profile security problems. Fortunately, you have another option — an alternative service that secures your files with local encryption and... Read More are good options. These services encrypt and decrypt your data locally – the services themselves have no idea what data you’re storing; they couldn’t view it if they wanted to.


encrypt files cloud storage

Check out our full walkthrough of SpiderOak SpiderOak - An Online Data Backup & Sharing Solution [Cross-Platform] Read More for more information. It’s a bit more complicated to set up than Dropbox and similar services, but it offers more flexibility – for example, you can synchronize any folder on your computer.

Encrypt Individual Files

If this all seems a bit much for you, you can just encrypt a handful of important files with a utility on your computer. You’ll need the utility to decrypt and access your encrypted files in the future. We’ve covered a variety of ways to easily and quickly encrypt files The 5 Best Ways To Easily & Quickly Encrypt Files Before Emailing Them [Windows] Earlier this year, I was faced with a situation where I had a writer working for me overseas in China, where we were both certain that all of our email communications were being monitored. I... Read More in the past, including creating an encrypted archive file 7 Tips & Tricks To Get The Most Out Of Google Drive Google Drive is a great service, but installing the Google Drive application and synchronizing some files is just the first step. These tricks will help you take advantage of Google Drive, both on the desktop... Read More .

cloud file encryption


Set Up EncFS On Linux

EncFS is an open-source option for Linux users. It’s exactly what it sounds like – an encrypted file system. It works similarly to BoxCryptor (in fact, it inspired BoxCryptor) – EncFS creates a special folder that contains encrypted versionsof your files. EncFs transparently decrypts and provides access to these files in another folder. You work with your files in this folder, and EncFS stores the files in encrypted form in your cloud storage folder.

encrypt files cloud

It’s a bit more complicated to set up, involving terminal commands. But, unlike the free version of BoxCryptor, it doesn’t limit the amount of files you can encrypt. We’ve got a guide to setting up EncFS How To Encrypt Your Dropbox Data With ENCFS [Linux] Dropbox is arguably one of the best online file sync tools around. However, if you've been skimming through the tech news lately, you'll see that Dropbox is having some privacy issues as of late.Therefore, encrypting... Read More on your Linux system, if you’re interested.

Which encryption solution do you prefer – or do you not store sensitive data in the cloud? Leave a comment and let us know.

Image Credit: Cloud Computing Icon With Protection via Shutterstock

Related topics: Cloud Computing, Cloud Storage, Encryption.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Kesen
    April 8, 2017 at 5:24 pm

    Boxcryptor? Nope. Not just "trusting" a service that isn't open sourced. Cryptomator is a way better choice .

  2. Sebastian
    February 24, 2016 at 3:17 pm

    TrueCrypt/VeraCrypt has not only the mentioned problem of full re-uploads, but it can also cause nasty synchronization conflicts if you don't let it finish synchronization before editing the files on another computer. For EncFS, there was a recent security audit showing it is insecure when used with cloud storage, see . Because there was (in our opinion) no good open source tool available to encrypt cloud storage, we started a new one. It's in beta currently, but don't let that keep you from taking a look: .

  3. Hitesh Tewari
    November 15, 2012 at 1:23 pm

    You may be interested in taking a look at [Broken URL Removed]. A real-time encryption and collaboration preserving technology for Cloud Documents, with mobile keychain functionality. The following videos provide an overview of the technology in action:

    CipherDocs Demo -

    CipherDocs Secure Sharing Demo -

    Best Regards,
    Hitesh Tewari

  4. KachadorianConsult
    October 30, 2012 at 2:54 pm

    Thank you so much for this great article. We are a small businesses struggling with the best way to deal with data security while still maintaining the flexibility of cloud storage. There are so many advertisements, but we really hit a gem when we came across this article. Thank you for summarizing the key options for us!

  5. Quinn Haine
    September 16, 2012 at 6:10 pm

    I use passworded 7zip files for personal info. I wonder if there's a cloud service out there that lets you put a password on individual files...

    • Chris Hoffman
      September 29, 2012 at 11:56 am

      Would have to be a fully encrypted service. The great thing about password-protecting your own files is that the service itself can't access them, so you're 100% sure they they don't have a backdoor into your data.

      This can help if someone breaks into your account, etc.

  6. IMHO
    September 12, 2012 at 9:06 pm

    I have a thought which my be simplistic so feedback would be welcome. A caveat is that I recognise that any data deposited in the cloud is subject to the privacy controls, assurances and contractual agreements from the provider. Just as that provider is subject to the publicly declared and also secret governance of its domain of residence and domains in which it has servers situated (however they are dispersed),

    My simplistic thought it that once any data is lodged as content on 'cloud storage' it is then also liable to access by 'cloud processing'. This means that ANYONE accessing it, be it deemed legally or illegally, is likely to also have access to many dispersed computing cycles made voluntarily of involuntarily accessible. Encryption that seems challenging to a single/multiple processing unit may therefore be quite trivial to and attack using such dispersed resources. For me this dramatically increases the threat of decryption.

    • Coreinsanity
      December 19, 2015 at 4:52 pm

      I know this is old, but this was one of the top pages for "cloud encryption software". But, I just wanted to throw this in here to correct this thought...

      The general idea that you can leverage a lot of computing power through clusters or networked systems to fight encryption is not new, or flawed. It's completely valid. That being said, look at it realistically. AES256, Serpent, and I believe twofish take a LONG time to just brute-force crack, to the point of being impossible, if you key is secure. If your key is insecure, it could be trivial. These ciphers are very secure. It's incredibly unlikely that your files will be decrypted if you encrypt your files using a "third party" method (as in, some services offer encryption out of the box. We're talking about using something on-top of or other than that.)

      If it were trivial for these systems to be "cracked", then no one would be using them.

      • IMHO
        December 19, 2015 at 5:11 pm

        It depends on the temporal reach of "trivial". trivial today may mean nothing tomorrow with a step changes in processing power. It is better to think of encrypoted data have a window of "useful privacy" rather than enduring. If your level of encrypted privacy exceeds your projections of ability to be decrypted by third parties with an interest in doing so then fine. Let us not go without a little exercise though

        Say our lifespans level off at about 80 years for this discussion. Say that we now generate or have logged on our behalf, data that we would like secure from our birth (possibly before that if we think about data of our parents) then we need encryption or privacy that matches that need. Consider the increase in "computational" power over the last 80 years, i.e. from 1936 as I write. In 80 years time will AES256 or Serpent offer protection?

        • Coreinsanity
          January 9, 2016 at 10:05 pm

          I just now noticed I got a reply. I actually never expected to get one, so I wasn't looking, lol.

          Yeah, that's a good point. In 80 years it's unlikely AES256 will provide much protection. But while thinking about it like that isn't wrong, it also means there is no protection around these days that can secure our data.

          I mean, in 80 years I could easily see quantum computing having taken off. Which, if that's the case, it could render all currently modern encryption moot. There's also several other advances happening of which I'm not sure how they'll affect the direction of computing power.

          So, now what? What if the data is for your descendants, as well? A family archive, of sorts.

          The only option left pretty much excludes the cloud, period, and involves continually destroying the medium the data is stored on and moving it to more modern encryption techniques and storage mediums (over the years, as things move forward). Which is a good theory, but it doesn't play well with the philosophy of off-site backups. After all, once the data leaves your possession, you have no control over the storage medium or what happens to it.

          So we hit another problem. How do we keep something as secure as if it were in our possession where we can destroy it and upgrade the storage and encryption, but not lose it if our house burns down or gets hit by a disaster?

          I see your point, and it's not bad, but how do you balance it out?

        • IMHO
          January 10, 2016 at 10:09 am

          Change our

          * Technology - It will evolve as you say
          * Legislation - Make it global and punitive
          * Temporality - The internet flattens time as opposed to putting people in their whole context at a time in their life.
          * Kindness - Along with transparency we also need to think about forgiveness rahter than judgement

          It's a long way from the validity of AES256 of course where we started.

  7. Usman Mubashir
    September 9, 2012 at 10:46 am


  8. venkatp16
    June 22, 2012 at 9:11 am

    Gud article.. I'm using Truecrpyt and other tools also very useful

    • Chris Hoffman
      June 23, 2012 at 11:57 pm

      Truecrypt does seem to be the geek's tool of choice, from the comments I've seen.

    • Jonathan Cross
      August 11, 2012 at 1:09 pm

      Yes, have been using TrueCrypt for years... its good, Open and truly Free.
      The encrypted file containers are reliable and can easily be used by any backup system on any major platform / cloud service. Think twice before entrusting your data to a profit-motivated company (even if its a few click's easier to use on windows). Assuming their intentions are 100% pure, who knows what bugs lie in their software or if they will still be supporting it 5 years from now?

      Open Source software can live on long after the original developers get bored, move on or die even -- just need a passionate nerd somewhere on earth to revive for whatever computers exist in the future.

      • Chris Hoffman
        August 14, 2012 at 12:03 am

        BoxCryptor is a pretty front-end to EncFS, so I believe it may be possible to access things encrypted with BoxCryptor with EncFS tools.

        Even if it's not open-source, sticking to open formats helps.

  9. Mihovil Pletikos
    June 1, 2012 at 3:14 am

    would bitlocker work?

    • Chris Hoffman
      June 1, 2012 at 3:46 am

      I'm not sure! I looked into it and there isn't much information, although some Dropbox users are having trouble with it

      You could always try it yourself, but it doesn't seem as supported as the other options.

  10. Ryk Pryk
    May 28, 2012 at 7:46 am


    Thank you for the down-to-earth, practical and usable description of the tools for encryption of online data. I used truecrypt some years ago, now I downloaded its newer version. And paid 10 $ to its developer ;)! Long live open source.

    • Chris Hoffman
      May 30, 2012 at 1:00 am

      You're welcome; thanks for supporting awesome software!

  11. Esteban
    May 26, 2012 at 12:32 am

    Are you sure?

    As far as I know, and as I understand it, Dropbox can't upload only the "small changed part" of a TrueCrypt volume: That would imply that it is possible to tell what parts of a TrueCrypt volume had changed, where a file starts and ends, and that is impossible per se by the way the encryption is used by TrueCrypt.

    You may want to clarify that, please!
    If indeed it CAN be done, it would be great, but also it would be a breach to the encryption force (that's the reason I think it can't be done).

    Best regards!

    • Rah Tkash
      May 26, 2012 at 2:34 am

      As far as I know, you are correct. Process of encryption (specifically that in TrueCrypt) changes entire encrypted data stream every time data is re-encrypted, with or without file changes.

      So even same file, encrypted again with the same password, will have completely different data-stream; so files with any change should be different.

      Just to be sure, ran some tests with TrueCrypt using default settings, and HxD hex editor for file comparison, results are:

      Test 1:
      2 identical files separated into 2 identical file containers that use the same settings and password - Outcome = Completely different file container data streams.

      Test 2:
      2 similar files separated into 2 identical file containers that use the same settings and password - Outcome = Completely different file container data streams.

      Unless author used some other settings, I dont think its possible.

    • Florin
      May 26, 2012 at 8:50 am

      The idea is that the container doesn't change entirely. Only some areas in which the file was stored. Imagine what changing 1 byte in a 5 GB container would do to your storage device if that meant the *entire* container would be changed by TrueCrypt. Only the parts of the container that have been altered by you modifying that byte will be uploaded to DropBox. For small containers the effect is not directly visible, but try it with something like a 1 GB container and see what happens.

      • Rah Tkash
        May 26, 2012 at 2:35 pm

        Upon retesting I confirm what you say is true with certain settings when using the same container.

        In initial tests I used 2 separate containers with same settings and password, its this reason they had entirely different data streams - maybe due to the 'random pool' part of container creation.

        Retesting by copy-pasting first created container then adding the same file to each, I noticed file comparison showed only small difference of data stream. Im assuming this is because the file creation time will be slightly different for each file. I'll retest and find out. Therefore, what you say is true, using those settings.

        Thank you for the opportunity to learn something new. Hopefully there is method to do the opposite though, to change entire data stream based off even small change.

        • Florin
          May 26, 2012 at 6:22 pm

          Changing the entire container for every update is in no way reasonable. When do you re-encode the container? After each and every disk write (which can consist of a few bytes)? Do you have any idea how long it would take if your container wass a few GB or TB in size? How often would you re-upload it if it was stored on Dropbox?

          Most important of all, why would you do this?

        • Chris Hoffman
          May 27, 2012 at 6:54 am

          Thanks for chiming in and helping clarify, Florin!

          Florin is indeed correct, from what I understand. Dropbox can't actually see what's changed inside the container, but it sees that a small part of the container file has changed, and uploads the changed part of the file.

          For example, if you have a 5 GB container and regularly modify a small text file on it, only a small portion of the container would change. Changing the entire container would require a lot of disk thrashing, slowness, and additional network usage.

          I suppose that it would be possible for Dropbox to know that you're only changing a small part of the container -- but so what? What are they going to do with that information? I don't think that really matters.

        • TMcGill
          September 19, 2012 at 2:57 pm

          To the question of "does it matter," it depends on the goal. If it is just keeping files fairly well-protected against your average person, this may be fine. But if you want real security, against analysis that, say, an agency of some government or professional cryptographers could do, this does matter. As I understand it, having access to multiple versions of a single, encrypted data blob with changes only to small parts of it (as Dropbox-- or anyone who gains access to Dropbox's data-- would have), the encryption key always remaining the same (as it would in this case), dramatically reduces the security of your data, by making analysis possible that is not otherwise. For instance, learning where distinct files are located within the blob. Especially problematic if, by some means, it is possible to learn or guess some or all of the plaintext contents of the changed portion-- even once, because this could lead to compromising the entire encrypted volume. Truecrypt on DropBox therefore seems to me to offer some protection, but not truly hard security. The Truecrypt documentation discusses this problem with regard to backups-- without taking particular precautions, repeatedly backing up an encrypted volume as it changes over time can present the same sort of security risk. You would want to think carefully about this before using it for, say, running a dissident movement in a country that doesn't like dissidents, or for holding classified documents, or for anything else that could come under attack from real cryptography experts.

        • Chris Hoffman
          September 29, 2012 at 12:10 pm

          Wow, that's a great point. I suppose I've been coming at this from a more consumer perspective -- if all you want is to encrypt some financial documents, I don't think using Truecrypt and Dropbox is a problem. No one's going to target you when there are so many easier targets out there.

          If you're a dissident in an oppressive country though, that's a good point -- there are some issues there.