2 Ways to Encrypt Dropbox Files on Ubuntu Desktop & Server
If you are wondering “is Dropbox safe for confidential files”, you have come to the right place. This tutorial shows you 2 ways to encrypt files in your Dropbox account to protect your confidential files from prying eyes. This will be very helpful for those who are worried about privacy and security when storing files on cloud storage providers. Experienced Linux users can set up their own cloud storage using NextCloud, but not everyone has the skill or time to manage self-hosted cloud storage. When your Dropbox files are encrypted, no one can read them without the encryption password.
Note: This tutorial works on all current Ubuntu versions, including Ubuntu 18.04, 20.04, and 20.10.
The first method uses a graphical tool called Cryptomator and the second uses a command-line tool CryFS, which is suitable for servers. Both of them are open-source. If you haven’t installed Dropbox on Ubuntu yet, please check out the following tutorials.
These two tools can also be used to encrypt other cloud storage like Google Drive and NextCloud. I use Dropbox as an example.
Dropbox File Encryption with Cryptomator on Ubuntu Desktop
Cryptomator is a free, open-source and easy-to-use software for encrypting cloud storage. It uses client-side encryption, which means each file is encrypted on the user’s computer before sending to the cloud. File content, file name, file size and directory names will all be encrypted.
It can run on Linux, Mac, Windows, Android and iOS. To install Cryptomator on Ubuntu, run the following 3 commands in terminal, which will install Cryptomator from the developer‘s PPA.
sudo add-apt-repository ppa:sebastian-stenzel/cryptomator sudo apt update sudo apt install cryptomator
Once installed, Cryptomator can be started from your application menu.
Or you can start it from the command line.
cryptomator
When you first start Cryptomator, there is no vault. A vault is basically a virtual hard drive. So we need to click the plus button at the bottom left corneer and create a vault.
Choose Create New Vault.
A new window appears. Give your vault a name.
And choose your Dropbox folder as the destination.
Next, set a password to protect your vault. You can also create a recovery key in case you forget your password. If you store the password in a password manager, I think you don’t need a recovery key.
To start using Cryptomator, you need to re-enter your password to unlock the vault.
The vault will be mounted as a virtual hard drive under ~/.local/share/Cryptomator/mnt/. You can press Ctrl+D to bookmark vault directory in your file manager.
Now you can put your files in the vault and they will be automatically encrypted in the background and then stored in your Dropbox folder, which is then synchronized to Dropbox servers. For example, I put 3 png files in the vault.
Here is how they look like in Dropbox.
Since Cryptomator do encryption and decryption on-the-fly, the unlocked vault doesn’t take any space on your hard drive. Once your encrypted files are synchronized to Dropbox servers, you can lock your vault.
Once it’s locked, the virtual hard drive disappears from your file manager, so no one can see the original files without password.
How To Access Encrypted Files on Another Computer
Install Dropbox and Cryptomator on the second computer. Wait for Dropbox to finish syncing. Then start Cryptomator on the second computer and select “Open Existing Vault“.
Navigate to the Dropbox folder and select the Cryptomator master key.
The master key is encrypted with your vault password, so you need to click the Unlock Now button and enter your vault password to decrypt the key, which in turn will unlock the encrypted vault.
If you want to share encrypted files, then create a separate vault with a different password and let your family, friends, or coworkers install Crypmator, and then tell them the password. Currently, there’s no command-line version of Cryptomator. That’s where CryFS comes in.
Using CryFS to Encrypt Dropbox on Ubuntu Server & Desktop
CryFS stands for cryptographic filesystem. It is a free, open-source encryption tool created specifically for cloud storage. Its usage is very similar to Cryptomator and can encrypt file contents, file name, file size, and directory structure.
CryFS is included in the Ubuntu repository since 17.04, so you can install CryFS by running the following command in the terminal.
sudo apt install cryfs
Ubuntu 16.04 users need to install CryFS from its repository. First, create a source list file for CryFS.
sudo nano /etc/apt/sources.list.d/cryfs.list
Then add the following line into the file.
deb http://apt.cryfs.org/ubuntu xenial main
Save and close the file. Next, download and import CryFS public key using the following command.
wget -O - https://www.cryfs.org/apt.key | sudo apt-key add -
Update package index and install CryFS.
sudo apt update sudo apt install cryfs
To create an encrypted vault in Dropbox, run the following command.
cryfs ~/Dropbox/encrypted ~/mountdir
This will create two directories. ~/Dropbox/encrypted is where the encrypted versions of your files are stored. They will be synchronized by Dropbox. ~/mountdir is where you access the decrypted files. You will be asked to create a password.
Now you can put files in mountdir directory and they will be automatically encrypted on the background and stored in ~/Dropbox/encrypted/ directory.
If I create a plain text file in ~/mountdir using the following command,
linuxguru@ubuntu:~$ echo "hello world" > ~/mountdir/file
The file content, file name, file size and directory structure will be encrypted in Dropbox folder.
linuxguru@ubuntu:~$ ls ~/Dropbox/encrypted/A60/ 8EB642B7806A722005C45A7BBACD0
You can access your files through your mount directory, CryFS actually places them in ~/Dropbox/encrypted after encrypting. CryFS will encrypt and decrypt your files on the fly as they are accessed, so files will never be stored on the disk in unencrypted form.
To unmount, run:
fusermount -u ~/mountdir
To remount, run the following command and enter your password.
cryfs ~/Dropbox/encrypted ~/mountdir
How To Access Encrypted Files on Another Computer
Install Dropbox and CryFS on the second computer. Wait for Dropbox to finish syncing. Then mount the encrypted directory using the following command. You will need to enter your CryFS password.
cryfs ~/Dropbox/encrypted/ ~/mountdir
Now you can access files in ~/mountdir.