2 Ways to Encrypt Dropbox Files on Ubuntu Desktop & Server

If you are wondering “is Dropbox safe for confidential files”, you have come to the right place. This tutorial shows you 2 ways to encrypt files in your Dropbox account to protect your confidential files from prying eyes. This will be very helpful for those who are worried about privacy and security when storing files on cloud storage providers. Experienced Linux users can set up their own cloud storage using NextCloud, but not everyone has the skill or time to manage self-hosted cloud storage. When your Dropbox files are encrypted, no one can read them without the encryption password.

Note: This tutorial works on all current Ubuntu versions, including Ubuntu 18.04, 20.04, and 20.10.

how to encrypt dropbox on ubuntu

The first method uses a graphical tool called Cryptomator and the second uses a command-line tool CryFS, which is suitable for servers. Both of them are open-source. If you haven’t installed Dropbox on Ubuntu yet, please check out the following tutorials.

These two tools can also be used to encrypt other cloud storage like Google Drive and NextCloud. I use Dropbox as an example.

Dropbox File Encryption with Cryptomator on Ubuntu Desktop

Cryptomator is a free, open-source and easy-to-use software for encrypting cloud storage. It uses client-side encryption, which means each file is encrypted on the user’s computer before sending to the cloud. File content, file name, file size and directory names will all be encrypted.

It can run on Linux, Mac, Windows, Android and iOS. To install Cryptomator on Ubuntu, run the following 3 commands in terminal, which will install Cryptomator from the developer‘s PPA.

sudo add-apt-repository ppa:sebastian-stenzel/cryptomator

sudo apt update

sudo apt install cryptomator
cryptomator ubuntu 16.04

Once installed, Cryptomator can be started from your application menu.

cryptomator dropbox

Or you can start it from the command line.


When you first start Cryptomator, there is no vault. A vault is basically a virtual hard drive. So we need to click the plus button at the bottom left corneer and create a vault.


Choose Create New Vault.

cryptomator create new vault

A new window appears. Give your vault a name.

cryptomator ubuntu

And choose your Dropbox folder as the destination.

dropbox cryptomator

Next, set a password to protect your vault. You can also create a recovery key in case you forget your password. If you store the password in a password manager, I think you don’t need a recovery key.

cryptomator encryption password

To start using Cryptomator, you need to re-enter your password to unlock the vault.

cryptomator unlock the vault

The vault will be mounted as a virtual hard drive under ~/.local/share/Cryptomator/mnt/. You can press Ctrl+D to bookmark vault directory in your file manager.

cryptomator unencrypted vault

Now you can put your files in the vault and they will be automatically encrypted in the background and then stored in your Dropbox folder, which is then synchronized to Dropbox servers. For example, I put 3 png files in the vault.

Encrypt Dropbox Files on Ubuntu Desktop & Server

Here is how they look like in Dropbox.

dropbox file encryption ubuntu

Since Cryptomator do encryption and decryption on-the-fly, the unlocked vault doesn’t take any space on your hard drive. Once your encrypted files are synchronized to Dropbox servers, you can lock your vault.

cryptomator lock vault

Once it’s locked, the virtual hard drive disappears from your file manager, so no one can see the original files without password.

How To Access Encrypted Files on Another Computer

Install Dropbox and Cryptomator on the second computer. Wait for Dropbox to finish syncing. Then start Cryptomator on the second computer and select “Open Existing Vault“.

cryptomator open existing vault

Navigate to the Dropbox folder and select the Cryptomator master key.

Cryptomator master key

The master key is encrypted with your vault password, so you need to click the Unlock Now button and enter your vault password to decrypt the key, which in turn will unlock the encrypted vault.

cryptomator unlock vault

If you want to share encrypted files, then create a separate vault with a different password and let your family, friends, or coworkers install Crypmator, and then tell them the password. Currently, there’s no command-line version of Cryptomator. That’s where CryFS comes in.

Using CryFS to Encrypt Dropbox on Ubuntu Server & Desktop

CryFS stands for cryptographic filesystem. It is a free, open-source encryption tool created specifically for cloud storage. Its usage is very similar to Cryptomator and can encrypt file contents, file name, file size, and directory structure.

CryFS is included in the Ubuntu repository since 17.04, so you can install CryFS by running the following command in the terminal.

sudo apt install cryfs

Ubuntu 16.04 users need to install CryFS from its repository. First, create a source list file for CryFS.

sudo nano /etc/apt/sources.list.d/cryfs.list

Then add the following line into the file.

deb http://apt.cryfs.org/ubuntu xenial main
cryfs linux

Save and close the file. Next, download and import CryFS public key using the following command.

wget -O - https://www.cryfs.org/apt.key | sudo apt-key add -

Update package index and install CryFS.

sudo apt update

sudo apt install cryfs

To create an encrypted vault in Dropbox, run the following command.

cryfs ~/Dropbox/encrypted ~/mountdir

This will create two directories. ~/Dropbox/encrypted is where the encrypted versions of your files are stored. They will be synchronized by Dropbox. ~/mountdir is where you access the decrypted files. You will be asked to create a password.

cryfs encypte dropbox

Now you can put files in mountdir directory and they will be automatically encrypted on the background and stored in ~/Dropbox/encrypted/ directory.

If I create a plain text file in ~/mountdir using the following command,

linuxguru@ubuntu:~$ echo "hello world" > ~/mountdir/file

The file content, file name, file size and directory structure will be encrypted in Dropbox folder.

linuxguru@ubuntu:~$ ls ~/Dropbox/encrypted/A60/

You can access your files through your mount directory, CryFS actually places them in ~/Dropbox/encrypted after encrypting. CryFS will encrypt and decrypt your files on the fly as they are accessed, so files will never be stored on the disk in unencrypted form.

To unmount, run:

fusermount -u ~/mountdir

To remount, run the following command and enter your password.

cryfs ~/Dropbox/encrypted ~/mountdir

How To Access Encrypted Files on Another Computer

Install Dropbox and CryFS on the second computer. Wait for Dropbox to finish syncing. Then mount the encrypted directory using the following command. You will need to enter your CryFS password.

cryfs ~/Dropbox/encrypted/ ~/mountdir

Now you can access files in ~/mountdir.

Click to rate this post!
[Total: 178 Average: 1]

Leave a Reply