Secure your Dropbox on Mac and Linux
Ever thought it might be worth encrypting your Dropbox, but were held back because it’s just too much work? I know I was. But not anymore – welcome to this 5 step guide to a secure Dropbox. It only takes a few minutes of work – compile time excluded.
This guide will use encfs, which uses business proof AES or Blowfish algorithms. Most importantly, it has a major benefit over other available encryption mechanisms – it operates on blocks. It doesn’t hide an entire encrypted volume in a single file. This approach doesn’t work well with Dropbox, because once the user changes only one file the whole Dropbox will be synchronized.
- Install MacFuse.
- Install encfs. If you have Homebrew, this is as easy as:
$ sudo brew install encfs
- Delete your files from Dropbox. After deleting them, make sure to go to the webapp, hit ‘Show Deleted Files’ and delete each file/folder permanently.
- Now comes the fun part. Set up your encrypted Dropbox:
$ encfs ~/DropboxEncrypted ~/Dropbox
Enter ‘y’ to create the folder DropboxEncrypted, enter ‘p’ for Paranoia mode and chose a password.
- You’re done. ~/Dropbox will show your files just fine, but when you take a look at them on the webapp, you will see them encrypted.
After a reboot, the userspace mount of ~/Dropbox will be lost. Repeat step 4 to mount it again. If you ever want to unmount yourself, just umount it. This process can be automated with encfsvault.
Linux users, don’t worry – I didn’t forget you. Switch MacFuse with fuse and encfsvault with pam-mount. You’re a Linux user, you will manage.
Update for Lion users:
Don’t use MacFuse, it’s obsolete. Just install fuse4x and fuse4x-kext, then encfs – all via homebrew.
Category: articles | Tags: dropbox, encfs, encryption, fuse, homebrew, macfuse, OS X 6 comments »
February 11th, 2011 at 11:32 pm
[…] This post was mentioned on Twitter by preek and HN Firehose, newsery1. newsery1 said: Secure your Dropbox on Mac and Linux – http://bit.ly/gFlVE6 – [Hacker News FH] […]
February 24th, 2011 at 9:08 pm
Interesting! I mostly don’t bother, I just don’t put sensitive data on my Dropbox. Of course, as a PhD student I use it to store my “working copy” of my thesis and ongoing papers but let’s face it, no-one will steal this kind of stuff.
Anyway, thanks for sharing. If I start using a new Dropbox account, I will probably do it.
Cheers,
Ruben
April 15th, 2011 at 9:57 am
Why did you chose Dropbox? What is the benefits of using it and not using alternatives like Spideroak, Wuala? i want a real world explanation:)
April 15th, 2011 at 10:15 am
Hi Kaigara,
you already gave your answer: the services you named are alternatives. Dropbox is the most used service – and I use it regularly for collaborating with work colleagues, friends and even my girlfriend.
In the great big world, nobody knows spideroak and wuala. Instead of using those, I can just do a webdav or ssh-fs share on one of my servers.
Hope this helps,
Alain
July 9th, 2011 at 9:26 am
Dear Alain,
I’ve tried to setup a Encrypted Home-Director on Snow Leopard but the provided bash-script fpr EncfsVault will fail. Here’s the error:
Empty password are forbidden
Assertion failed: (px != 0), function operator->, file /usr/local/include/boost/smart_ptr/shared_ptr.hpp, line 418.
/usr/local/bin/setupNewEncfsVaultUser: line 110: 541 Abort trap sudo encfs -S $USERHOMEPATH.${USERNAME} $USERHOMEPATH${USERNAME} — -oallow_other <<EOF
x
1
256
512
1
yes
yes
no
no
$USERPASSWORD
$USERPASSWORD
EOF
Error: encfs failed to create the EncFS mount.
Restoring encfs_user files
**************************************************
Failed to setup user encfs_user
**************************************************
Maybe you could help me with that. I'm sure it is a error caused by setupNewEncfsVaultUser because mounting encfs volumes work flawlessly with the latest core macfuse package? Any suggestions?
July 9th, 2011 at 11:10 am
Dear La_Tristesse,
As it says in the error message: “Empty password are forbidden”
There’s probably better ways for encrypting your home directory in OSX – for example the File Vault.
Best,
Alain