Secure your Dropbox on Mac and Linux

Ever thought it might be worth encrypting your Dropbox, but were held back because it’s just too much work? I know I was. But not anymore – welcome to this 5 step guide to a secure Dropbox. It only takes a few minutes of work – compile time excluded.

This guide will use encfs, which uses business proof AES or Blowfish algorithms. Most importantly, it has a major benefit over other available encryption mechanisms – it operates on blocks. It doesn’t hide an entire encrypted volume in a single file. This approach doesn’t work well with Dropbox, because once the user changes only one file the whole Dropbox will be synchronized.

  1. Install MacFuse.
  2. Install encfs. If you have Homebrew, this is as easy as:

    $ sudo brew install encfs

  3. Delete your files from Dropbox. After deleting them, make sure to go to the webapp, hit ‘Show Deleted Files’ and delete each file/folder permanently.
  4. Now comes the fun part. Set up your encrypted Dropbox:

    $ encfs ~/DropboxEncrypted ~/Dropbox

    Enter ‘y’ to create the folder DropboxEncrypted, enter ‘p’ for Paranoia mode and chose a password.

  5. You’re done. ~/Dropbox will show your files just fine, but when you take a look at them on the webapp, you will see them encrypted.

After a reboot, the userspace mount of ~/Dropbox will be lost. Repeat step 4 to mount it again. If you ever want to unmount yourself, just umount it. This process can be automated with encfsvault.

Linux users, don’t worry – I didn’t forget you. Switch MacFuse with fuse and encfsvault with pam-mount. You’re a Linux user, you will manage.

Update for Lion users:
Don’t use MacFuse, it’s obsolete. Just install fuse4x and fuse4x-kext, then encfs – all via homebrew.

Category: articles | Tags: , , , , , , 6 comments »

6 Responses to “Secure your Dropbox on Mac and Linux”

  1. Tweets that mention Secure your Dropbox on Mac and Linux | Alain M. Lafon -- Topsy.com

    […] This post was mentioned on Twitter by preek and HN Firehose, newsery1. newsery1 said: Secure your Dropbox on Mac and Linux – http://bit.ly/gFlVE6 – [Hacker News FH] […]

  2. Ruben Berenguel

    Interesting! I mostly don’t bother, I just don’t put sensitive data on my Dropbox. Of course, as a PhD student I use it to store my “working copy” of my thesis and ongoing papers but let’s face it, no-one will steal this kind of stuff.

    Anyway, thanks for sharing. If I start using a new Dropbox account, I will probably do it.

    Cheers,

    Ruben

  3. Kaigara

    Why did you chose Dropbox? What is the benefits of using it and not using alternatives like Spideroak, Wuala? i want a real world explanation:)

  4. Alain M. Lafon

    Hi Kaigara,

    you already gave your answer: the services you named are alternatives. Dropbox is the most used service – and I use it regularly for collaborating with work colleagues, friends and even my girlfriend.

    In the great big world, nobody knows spideroak and wuala. Instead of using those, I can just do a webdav or ssh-fs share on one of my servers.

    Hope this helps,
    Alain

  5. La_Tristesse (@La_Tristesse)

    Dear Alain,

    I’ve tried to setup a Encrypted Home-Director on Snow Leopard but the provided bash-script fpr EncfsVault will fail. Here’s the error:

    Empty password are forbidden
    Assertion failed: (px != 0), function operator->, file /usr/local/include/boost/smart_ptr/shared_ptr.hpp, line 418.
    /usr/local/bin/setupNewEncfsVaultUser: line 110: 541 Abort trap sudo encfs -S $USERHOMEPATH.${USERNAME} $USERHOMEPATH${USERNAME} — -oallow_other <<EOF
    x
    1
    256
    512
    1
    yes
    yes
    no
    no
    $USERPASSWORD
    $USERPASSWORD
    EOF

    Error: encfs failed to create the EncFS mount.
    Restoring encfs_user files
    **************************************************
    Failed to setup user encfs_user
    **************************************************

    Maybe you could help me with that. I'm sure it is a error caused by setupNewEncfsVaultUser because mounting encfs volumes work flawlessly with the latest core macfuse package? Any suggestions?

  6. Alain M. Lafon

    Dear La_Tristesse,

    As it says in the error message: “Empty password are forbidden”

    There’s probably better ways for encrypting your home directory in OSX – for example the File Vault.

    Best,
    Alain


Leave a Reply


*