Nowadays there are a lot of possibilities of storing documents online – which is quite handy if you need to have stuff available on different devices or share it with others. I think one of the first who managed to make this quite easy and even supported all major OS’s was Dropbox. So I take Dropbox as example but this should work with Microsoft’s SkyDrive and Google Drive as well. You have to put a certain amount of trust in these companies and when it comes to data a little more sensitive it’s advisable to encrypt it before uploading. My first approach was a TrueCrypt container and this of course works very well but when I stumbled upon EncFS I seconded TrueCrypt. The combination of Dropbox and EncFS works on all my OS’s: Linux, Windows, MacOSX and Android – isn’t that great?
Let me state this right at the beginning: I gathered almost everything in this post from others and I will indicate the original source. I just wanted to put it all together – next time I need it I know where to look!
Let’s start with my main OS and set up everything from here. I got all I needed to know from the guys at WebUpd8 – thanks for that! They concentrate on Ubuntu mostly but of course you can “translate” their howto’s to Fedora as well. So, if you’re running Ubuntu/Debian go ahead with their original post from here.
To install EncFS simply run:
# yum install fuse-encfs cryptkeeper
Cryptkeeper is a nice GUI for EncFS but installation is optional. Once installed create the Dopbox folder which will hold your encrypted stuff, i.e.:
# mkdir ~/Dropbox/mystuff
and the folder where files are going to be mounted un-encrypted, i.e.:
# mkdir ~/Private
Now setup EncFS by:
# encfs ~/Dropbox/mystuff ~/Private
I followed recommendations by WebUpd8 and selected “p” for paranoia mode. Choose a password and you’re set!
Using Debian I had to add my user to the “fuse” group before I could run encfs commands. So run as root:
# usermod -aG fuse
Now start cryptkeeper (either by command line or by choosing the menu entry) and you’ll find a new icon in your notification bar:
Right clicking the icon will give you some setting options. If you’re running Gnome you should be fine. If you’re running KDE you might want to replace nautilus with dolphin as filemanager. Left clicking the icon will let you choose to import an already setup EncFS folder. Choose this and add your folders created before. Now you can mount your encrypted filesystem by simply clicking the icon and selecting the filesystem. You might want to add cryptkeeper to your startup programs (run gnome-session-properties for this).
Once your EncFS is mounted you can drop files into your
~/Private folder and you will see them encrypted in
There is one (hidden) file though called “.encfs6.xml” (something like the public key for your encryption) and the guys at WebUpd8 suggest to exclude it from being synced to Dropbox. Doing so will have two consequences:
- you’ll have to copy this file manually to all other machines
- you won’t be able to decrypt stuff on Android devices
However, if you’d like to do that, first copy the file somewhere else (as it’s going to be deleted) and then exclude it, i.e.:
# cp ~/Dropbox/mystuff/.encfs6.xml ~/Downloads
# dropbox exclude add ~/Dropbox/mystuff/.encfs6.xml
# cp ~/Downloads/.encfs6.xml ~/Dropbox/mystuff
To reverse this run
# dropbox exclude remove ~/Downloads/.encfs6.xml
and the file will be synced again. (Maybe keep a backup of this file…)
So far so good. As I have a bunch of notebooks running different OS’s (sometimes I don’t know why myself…) and an Android phone I need to be able to decrypt stuff on those devices as well. And this is the beauty of this stuff: there are ports for every OS!
Of course you need the Dropbox Android app installed. Then install “Cryptonite“, which is a nice app for handling EncFS plus it’s open source and free! Just search for cryptonite in Google’s Play Store and install it. (In our setup you do not need a rooted device for that to work.) Now just run cryptonite and link it to your Dropbox account, choose “all folders”, then select the mystuff folder, type your password and done!
You might want to reed the “Security Considerations” though.
My “gamer” notebook runs Windows 7 and I found some nice instructions on d24m.de. I followed the howto given here (in German). You basically need something like fuse which comes for Windows as “Dokan“. So download and install the latest Dokan library from here (by the time of writing version 0.60). Then get EncFS for Windows from here. It’s a zip archive which can be extracted anywhere you want. Maybe
C:\Program Files\encfs is a good idea. Now run encfsw.exe and you’ll a see a new key icon in your panel which works pretty much like cryptkeeper with Linux!
Choose “Open/Create” to import your Dropbox\mystuff folder and type your password. From there on you can simply mount your encrypted folder by selecting the “Mount …” option. Also look into “Preferences” as this will let you autostart encfsw.exe.
Again you’ll need fuse to make EncFS work. There is a project named MacFuse but it doesn’t seem to get a lot of attention lately and thus a 64bit version (which is required for Lion) is not available. Luckily there is a fork called Fuse4X and it works pretty good on Lion. So download the latest version from here (by the time of writing 0.90) and install it. Next you’ll need EncFS compiled against Fuse4X – you’ll find it here at LisaNet (German). Again, download and install. I havn’t found a GUI so you’ll have to use command line to mount the encrypted folder (yeah, I know that’s a tough one for a default Mac user… ). Create a folder as mount point first and open a terminal (or do both in the terminal):
# mkdir Private
# encfs ~/Dropbox/mystuff ~/Private
Open Finder and you’ll see all decrypted files mounted as “fuse4x volume…”:
You’ll find the original howto for Mac OSX Lion again at d24m (in German) – thanks!
That’s about it. Now you can use encrypted Dropbox folder(s) on every OS (Sorry, don’t know about iOS though…). Thanks again for those nice howtos at WebUpd8 and d24m.de! And of coures a big thanks to all those porting free software to proprietary operating systems!