How to Encrypt Your Dropbox Folder

We have a popular post here at groovyPost that . The lengthy review has given rise to quite a bit of discussion in the comments, including a bit of controversy over security. Dropbox and SugarSync, which both utilize Amazon’s S3 web storage, claim that your data is safe from hackers due to the SSL encryption during sync and 128-AES encryption at rest. But what about Dropbox / SugarSync staff? Could a rogue employee simply access your files by changing or overriding your password? After some back and forth in the comments, I think we came to the reasonable conclusion that yes, they could.

While the likelihood of this actually happening to you is probably very low, recent headlines about hack attacks against Sony, Gmail and even LastPass prove that you can never be too safe. With that in mind, I thought I’d share with you a tip for making your Dropbox data more secure. In particular, it prevents an unscrupulous employee at Dropbox from accessing your most sensitive data by encrypting it.

TrueCrypt + Dropbox = Super Security

This <— is a link to a volume that contains the following text document (without the blur):

[Image: blurred screenshot of the text document]

I am 100% comfortable putting this text document in my public folder.  Why? Because it’s in an encrypted volume that I created with TrueCrypt. Go ahead and download it, if you’d like—you won’t be able to get to that text document without my password and keyfiles. You can try cracking it, if you’d like, but it’s encrypted with AES and a RIPEMD-160 hash. Meanwhile, I can still access that file just as easily as I can my other Dropbox files. Groovy, huh? Here’s how I did it:

Stage 1 – Create the Truecrypt Volume

Stage 2 – Mount the Truecrypt Volume

Creating a TrueCrypt Volume

Step 1

Download and install TrueCrypt for free. The instructions here are pretty straightforward.


Note: There are two ways to install TrueCrypt. For Dropbox users, I would recommend the Extract method. This creates a portable version of the app that you can put on a USB drive or even in your Dropbox folder. This saves you from downloading and installing TrueCrypt if you are using someone else’s computer. For your main computer, feel free to do the default install.

Step 2

Run TrueCrypt.exe and Click Create Volume.

Step 3

Select Create an encrypted file container. There are some more advanced options here, but we’ll cover those later. Click Next.


Step 4

Select Standard TrueCrypt volume and Click Next.


Step 5

Click Select File…


…and then browse to your Dropbox folder. Create a filename for your volume. It can be anything you want—the extension doesn’t matter.


It doesn’t even need an extension, in fact. Originally, I thought it would be clever to disguise it as another file type, such as “mysummervacay.jpg” but it turns out that this can cause false positives from your virus scanner. To stick with convention, go with .tc or skip the extension altogether.

Step 6

Feel free to change the encryption options. There are some useful links here to help you understand your different choices, but I imagine they are all sufficiently secure. I stuck with the defaults.


Step 7

Choose a volume size. You’ll want to choose this realistically based on how much Dropbox space you want to devote to your encrypted volume. If you’re like me and only use your encrypted volume for a couple of text files and perhaps a PDF, 10 MB is more than enough. If you want to encrypt your whole dang Dropbox folder, feel free to do 2 GB.


The one thing that you should note before moving on is that you can create a dynamic volume. That is, it “expands” as you add files to it, so that if it’s a 2 GB file container but it only has 5 MB of data in it, it’ll only take up 5 MB of Dropbox space. That’s nice, but it’ll run a bit slower. It’s up to you.

Step 8

Set up a password. Choose a . Otherwise, all this encryption will be for nothing.


For more security, choose a keyfile. This can be any file on your Dropbox, on your local hard drive or on a USB drive. It’ll work just like a key would—without this file, you can’t access the volume. So, make sure you don’t delete it! This is more secure than a password—especially if you choose multiple keyfiles.

Step 9

In the next screen, TrueCrypt will ask you to wiggle your mouse around to add randomness to the encryption keys. It’s kind of fun. When you’re satisfied, Click Format.

And you’re done!


Your volume is a completely standalone file. You can drag it and drop it, copy it and paste it or move it to anywhere you’d like. To read and write to the volume, you just have to mount it using TrueCrypt.

Mounting TrueCrypt Volumes from your Dropbox

Step 1

Launch TrueCrypt and Click Select File…

Then, Browse to the volume you just created and open it.


Step 2

Select a drive letter and then Click Mount.


Step 3

Enter your password and, if you chose a keyfile, browse for it by checking Use keyfiles and Clicking Keyfiles.


Step 4

Your volume will now be mounted as a local volume under Computer in Windows Explorer.


Step 5

Add files to it just like you’d save files to a USB drive.

They’ll be saved in the encrypted volume, where they’ll be ready and waiting for you next time you mount the volume.


Step 6

One last thing: in order for Dropbox to sync your volume, you have to unmount it. To do so, launch TrueCrypt, select the drive and Click Dismount.
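The mount and dismount steps above can also be driven from TrueCrypt's command-line switches (/v volume, /l drive letter, /k keyfile, /d dismount, /q no main window). The following is an added example, not part of the original article; the install path, volume path and keyfile path are assumptions, and it assumes TrueCrypt.exe returns once the requested action has finished.

```python
import subprocess
from contextlib import contextmanager

# Assumed install path; the portable "Extract" copy can live anywhere.
TRUECRYPT = r"C:\Program Files\TrueCrypt\TrueCrypt.exe"


def mount_args(volume, letter, keyfiles=()):
    """Command line that mounts `volume` on drive `letter`.

    No /p switch is passed, so the password never lands in the process
    list or a script file; TrueCrypt shows its own password prompt.
    """
    args = [TRUECRYPT, "/q", "/v", volume, "/l", letter]
    for keyfile in keyfiles:
        args += ["/k", keyfile]      # /k is repeated once per keyfile
    return args


def dismount_args(letter):
    """Command line that dismounts the volume on drive `letter`."""
    return [TRUECRYPT, "/q", "/d", letter]


@contextmanager
def mounted(volume, letter, keyfiles=(), run=subprocess.run):
    """Mount for the duration of a with-block and always dismount after,
    even if the block raises, so Dropbox can read and sync the container."""
    run(mount_args(volume, letter, keyfiles), check=True)
    try:
        yield letter + ":\\"
    finally:
        run(dismount_args(letter), check=True)


if __name__ == "__main__":
    # Constructed paths for illustration only.
    with mounted(r"C:\Users\me\Dropbox\vault.tc", "X",
                 [r"E:\keys\vault.key"]) as drive:
        print("work on files under", drive)
```

Keeping the keyfile outside the Dropbox folder, as in the constructed paths above, means the synced container and the keyfile are never stored in the same place.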


Conclusion

Dropbox is already fairly secure. But for that extra bit of protection, it’s not a bad idea to keep your most sensitive documents in an encrypted volume. You’ll still be able to access your file, as long as you have a copy of TrueCrypt handy (which can be saved as a portable version on your Dropbox account) and can remember your password. You won’t be able to access items in an encrypted volume from the web or a smartphone, either. I recommend using TrueCrypt for infrequently accessed files, such as financial documents, old tax returns and other sensitive material that you might have if you’ve transitioned to a digital filing system.

19 Responses to How to Encrypt Your Dropbox Folder

  1. acupuncture June 11, 2011 at 7:47 am #

    Excellent write up. Definitely a must for anyone storing their info in the cloud. Personally I’m not of the mind to let anything sensitive into the cloud. While Google’s Chrome OS might want me to do absolutely everything in the cloud and keep it there I just don’t trust anyone with my sensitive information and I’m sure I’m not alone in that. That’s why people will always want some form of off-line storage, imo.

    Nonetheless, this certainly is a good security option. Thanks.

    • MrGroove June 13, 2011 at 8:23 am #

      Are you saying don’t put anything into the cloud even if encrypted?

      • acupuncture June 13, 2011 at 8:45 am #

        Oh no, not at all. I have a ton of stuff in the cloud not even encrypted. It’s just not “sensitive” information. Just got a lot of my music into Google Music beta and really like it. Use gMail, gDocs, gCal, etc. . . all the time. 98% or more of my stuff is now in the cloud.

        I just think a lot of people, including myself, don’t want to put anything in the cloud that is highly “sensitive.” Even if it is encrypted. I’ve been able to upload password protected files of which I’ve lost/forgotten the password and had them cracked in seconds. . . so I’m not sure how protected anything can actually ever be unless you have it on an external storage device, encrypted, and hidden ;)

        I think the cloud is great and this article certainly adds a layer of security but would you trust it for something highly sensitive you’re putting in the cloud or would you keep it out of the cloud?

        • groovinJackman June 13, 2011 at 8:48 am #

          here’s a semi-related followup question: would you EMAIL sensitive information? i.e. soc. security number, bank acct no.s? I worked with a mortgage company and a CPA who both asked for this junk. I think I opted to fax it then, but if I would’ve sent it as a PDF then it’d be in my Gmail archive forever.

          • acupuncture June 13, 2011 at 8:57 am #

            No, I won’t send stuff like that through email. No way! I’ve read enough about email servers & services keeping copies of emails floating around without the user’s knowledge to have me well paranoid about info in emails.

            Like you state, once in the email it may well be forever in an archive and probably not just yours.

            While I do a lot of purchasing on-line I’m careful to ensure that certain info never goes over the web. Sure, a credit card might get scammed (best to use a temp number cc) but I’m pretty well protected there and that’s easy to find out but letting your ss & account numbers out. . . that can cause some real damage.

  2. Joanna June 13, 2011 at 6:45 am #

    Some good advice. Good article, THANKS!

  3. Pat Drummond July 6, 2011 at 1:27 pm #

    I prefer a simpler solution to safeguard text files in the cloud. I use fSekrit to encrypt accounts, phone codes, banking etc. Security is solid. The encrypted file is self-extracting anywhere with a password and you can edit then save. On a schedule, I also use Notetab Pro script to open my files in my Dropbox folder, run fSekrit to open the encrypted files, then copy/paste to create new ones. Only ‘con’ is my Android phone can’t open them – but that’s a good thing in case I lost it.
    Find links here: http://web.ncf.ca/ad995/pdqlib/download.html#security

  4. Serge January 27, 2012 at 6:22 am #

    This must be the most comprehensive and simple explanation for how to use DB with TC.

    I’ve first made my volume to 1Gb but I can see why a smaller volume size is better since DB sync is taking ages to complete.

    Many thanks!

    • Steve Krause January 27, 2012 at 8:16 am #

      You’re very welcome. Welcome to the site. Hope to see you around in the comments!

  5. Martin Rio April 8, 2012 at 10:48 pm #

    I have a question about this method: Is Dropbox able to update parts of a Truecrypt volume? For example: Say I have a 2GB Truecrypt volume filled with many <5MB PDF files. The volume is initially fully synced with Dropbox, I mount it, make a change to one of the PDF files, and unmount it. Is Dropbox able to sync the part I changed or does it have to re-sync the entire 2GB?

    Thanks in advance!

  6. Johan June 19, 2012 at 3:05 am #

    Hi there, this is not great as every time you make even a small edit change in a file in your “encrypted volume” the whole 10 mb will be uploaded. Especially annoying if you want a 1 gig volume :)

    I see most encrypters like boxcrypt etc encrypts on file level so only the file is reloaded, obviously the name, type etc is also encoded.

    Wish there was a way to get truecrypt to work like this…

  7. Merlot February 16, 2013 at 2:46 pm #

    Dropbox only transfers the parts of a file that changed, so it doesn’t matter if you have a large TrueCrypt container file. If you only make some small changes, only that amount of data is transmitted.

    When you create your new TrueCrypt container file, all of it has to be uploaded to the Dropbox servers. Thereafter, only the changed parts have to be transferred.

    This works well with TrueCrypt because TrueCrypt uses a block cipher. When data is changed in a TrueCrypt container file, it only affects the blocks containing the data and not the rest of the file.

    One fly in the ointment as Jack said is that you have to unmount your TrueCrypt volume before Dropbox will transfer the changes, even though TrueCrypt makes changes to the file as you work. TrueCrypt must be denying read access on open container files which is why the transfer can’t happen until you unmount the volume.

    A consequence of this is that if you just rely on the automatic unmount when you log off your pc, your changes won’t be synced with other devices until you log back into your pc again at which point they’ll at last be uploaded to Dropbox.

    • Jack Busch February 16, 2013 at 5:13 pm #

      Thanks for chiming in! Nice explanation of the syncing.
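The sync behaviour discussed in comments 5 to 7 can be reproduced offline. The following is an added example, not part of the original post or its comments: it compares a container encrypted sector by sector (the layout TrueCrypt uses, where each sector depends only on the key and its position) with a chained layout added here for contrast, and lists which fixed-size blocks a delta-syncing client would have to re-upload after a small edit. The hash-based XOR cipher is a toy stand-in for AES and the 4 KiB block size is an assumed, scaled-down value.

```python
import hashlib

SECTOR = 512     # the container is encrypted in fixed-size sectors
CHUNK = 4096     # stand-in for the sync client's block size (assumption)

def _keystream(seed, n):
    """n pseudo-random bytes derived from seed (toy stand-in for AES)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_per_sector(key, plain):
    """Each sector depends only on the key and its own sector number."""
    out = []
    for i in range(0, len(plain), SECTOR):
        ks = _keystream(key + (i // SECTOR).to_bytes(8, "big"), SECTOR)
        out.append(_xor(plain[i:i + SECTOR], ks))
    return b"".join(out)

def encrypt_chained(key, plain):
    """Contrast case: each sector also depends on the previous ciphertext."""
    out, prev = [], bytes(SECTOR)
    for i in range(0, len(plain), SECTOR):
        prev = _xor(plain[i:i + SECTOR], _keystream(key + prev, SECTOR))
        out.append(prev)
    return b"".join(out)

def changed_chunks(old, new):
    """Indices of CHUNK-sized blocks that differ and would be re-uploaded."""
    return [i // CHUNK for i in range(0, len(old), CHUNK)
            if old[i:i + CHUNK] != new[i:i + CHUNK]]

def demo():
    """Edit 10 bytes in sector 20 of a constructed 32 KiB volume."""
    key = b"constructed demo key"
    before = bytes(64 * SECTOR)
    off = 20 * SECTOR
    after = before[:off] + b"edited PDF" + before[off + 10:]
    per_sector = changed_chunks(encrypt_per_sector(key, before), encrypt_per_sector(key, after))
    chained = changed_chunks(encrypt_chained(key, before), encrypt_chained(key, after))
    return per_sector, chained

if __name__ == "__main__":
    print(demo())
```

With per-sector encryption only the block containing the edited sector differs, while the chained layout changes every block from the edit to the end of the file.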

  8. Michele Houston March 13, 2013 at 3:11 pm #

    This is very interesting. I did something slightly differently. I was content with the online encryption, but moved my desktop folder into the TrueCrypt volume already existing on my computer. This prevents anyone who gets a hold of my computer from opening my dropbox folder. But then I realized that all they have to do is type in “dropbox” into the “search programs” box in the Start menu and get a quick link right into my website, no password required. Does your approach solve this issue, or is there another way around it? Thanks for any insights!

    • Merlot March 13, 2013 at 3:30 pm #

      I’m not really sure why you added your desktop folder to the TrueCrypt volume on your computer. The desktop is just a folder containing all the stuff that appears on your desktop. Anything in your TrueCrypt folder is accessible only to those who know your password once you’ve unmounted it, but that bears no relation to the files in your other folders.

      Also not sure why you say anyone that can find your Dropbox folder has access to your webspace with no password required. Anything they put in the folder will be uploaded to the Dropbox servers but they won’t be able to explicitly download anything from Dropbox and to login to the website as you, they’ll need your Dropbox password.

      However, if you think someone can access your computer and get to all the unencrypted files in your Dropbox folder, they probably have all they want already.

  9. Michele Houston March 13, 2013 at 3:46 pm #

    Actually, what I did was put my computer-side Dropbox folder into the TrueCrypt volume. Therefore, if someone got a hold of my computer, they could not get into the DropBox folder that resides on my computer. I do not have all my desktop in the TrueCrypt volume. Just my Dropbox folder and various other files.
    The problem is that, even when the TrueCrypt volume is not mounted, I can go to the Windows Start Menu, type in “Dropbox” in the program search box, and a link to my Dropbox site is returned. When clicked on, my website folder is entered, without requiring a password.

  10. Merlot March 13, 2013 at 4:10 pm #

    Dropbox starts trying to sync as soon as you login but unless you have already unmounted your Truecrypt volume by then, Dropbox will not be able to find its folder. Maybe it will then create another folder somewhere else and maybe that’s what happened – I don’t know. It is probably better to do it the other way round and put Truecrypt volume inside Dropbox folder.

    • Michele Houston March 13, 2013 at 5:43 pm #

      I think you’re right. Thanks!
