I'd like to set a single directory inside Dropbox in which files are encrypted on a file-by-file basis.
At the moment, I use a 2Mb Truecrypt container inside my Dropbox which I then have to mount manually, access/change the files within, then unmount manually. At that point, the entire 2Mb uploads to Dropbox. This is a pain for a number of reasons:
- Dropbox sync will only occur when the Truecrypt container is unmounted, because Dropbox only syncs files that aren't locked and mounting a container locks it.
- A single byte change to one file inside that container results in the whole 2Mb being uploaded again.
- It doesn't scale - I was originally using a 10Mb container, but obviously the bigger the container, the longer it takes to sync when it's unmounted.
I was wondering if I can somehow use LUKS to implement file-by-file encryption to get round the "container" issues.
I have two methods in place with my Dropbox.
The first is using CryptKeeper. This creates and mounts enc_fs encrypted directories, independent of the Ubuntu implementation of Private. Instructions by Scaine on using Cryptkeeper are here: How can I do individual file encryption on Dropbox?
The second is symlinking selected directories from ~/.Private into the Dropbox directory. This automatically uploads (and syncs) the encrypted versions of files normally situated in ~/Private. This assumes you have set up the encrypted Private directory! It can also be initially tricky to find the correct one to link.
While neither of these is strictly encryption of a single file, as both use a container of sorts, both methods scale easily as only changed files are uploaded.
As far as I know there will be an integrated encryption mechanism in Dropbox in the future. (I saw it in the feature requests.) In the meantime you may encrypt/decrypt files locally, then synchronise them via Dropbox storage.
Cryptkeeper allows for a per-file encryption folder to be set up as follows:
Install Cryptkeeper:
Create an encrypted container:
Left click on the Cryptkeeper icon, then right-click on your new container and delete it (Choose "Delete Encrypted Folder").
Choose "Ok" at the first prompt:
Then choose "No" at the last prompt:
Now you'll have a .Private_encfs folder in the directory you specified earlier. Copy this up to Dropbox at the location of your choosing, then simply import that folder from the Cryptkeeper icon. When you import, you'll be asked where you'd like your encrypted data to be mounted. Choose somewhere outside of Dropbox and you'll have a fully encrypted folder integrated into Nautilus into which you can place sensitive files and the encrypted versions of those files will be uploaded to Dropbox automatically.
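The same layout can be set up directly with the encfs command line, since Cryptkeeper mounts EncFS directories. The following is an added example, not part of the original answer; the function names and the paths in the usage comment are hypothetical, and it assumes encfs is installed. It checks that the ciphertext directory is inside Dropbox and that the decrypted mount point is outside it before mounting.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names and the
# paths in the usage line are hypothetical; assumes encfs is installed.

# Print the physical (symlink-free) path of an existing directory.
resolve_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Return 0 if directory $1 is, or lies inside, directory $2 (1 if not,
# 2 if either directory does not exist). Symlinks are resolved first.
dir_is_inside() {
    child=$(resolve_dir "$1") || return 2
    parent=$(resolve_dir "$2") || return 2
    [ "$parent" = / ] && return 0
    case "$child/" in
        "$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Mount ciphertext directory $2 at plaintext mount point $3, where $1 is
# the Dropbox folder. Refuses layouts that would not sync the ciphertext
# or that would put the decrypted view inside the synced tree.
mount_encrypted() {
    dropbox=$1 cipher=$2 plain=$3
    mkdir -p "$cipher" "$plain" || return 1
    if ! dir_is_inside "$cipher" "$dropbox"; then
        echo "refusing: $cipher is not inside $dropbox, nothing would sync" >&2
        return 1
    fi
    if dir_is_inside "$plain" "$dropbox"; then
        echo "refusing: $plain is inside $dropbox, plaintext could be synced" >&2
        return 1
    fi
    # encfs takes absolute paths: encrypted root first, then mount point.
    encfs "$(resolve_dir "$cipher")" "$(resolve_dir "$plain")"
}

# Usage (constructed paths):
#   mount_encrypted "$HOME/Dropbox" "$HOME/Dropbox/.Private_encfs" "$HOME/Private"
# Unmount with: fusermount -u "$HOME/Private"
```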
I use TrueCrypt (gigabyte volumes) inside Dropbox and you do not have to upload the whole container every time you change a file. In the TrueCrypt GUI there is something called Preserve Time stamp; just untick it (google it) and you will only upload the parts of the container that have changed. Works really well. One thing to keep in mind if you sync with a Mac: if you click on your volume to mount it and you are tempted to select TrueCrypt to be associated with that file, the Mac will add a resource fork which Linux Dropbox will refuse to sync. To fix it, download FileBuddy on the Mac and use the delete option, where you will be offered the option of deleting just the resource fork. TrueCrypt has advantages that Cryptkeeper/ecryptfs-util does not have. I think with Cryptkeeper you may take advantage of the versioning capability of Dropbox, but I have not tested this.
Best of luck