Paranoid encryption of data inside Dropbox (using Mac OS as an example)
16 March 2011, 12:50
I have been using Dropbox for a long time, but only for non-sensitive content. What always kept me from storing sensitive information in it (such as passwords, Firefox profiles with precious cookies, or a map showing where the family jewels are buried) was the realization that my data could potentially be read by someone else.

Yes, I know that nobody needs my files, and yes, I understand how small the probability is that, out of the whole mass of Dropbox users, attackers will decide to comb through my storage in particular. However, paranoia is a serious illness, you know. And sometimes, instead of fighting it, it is better to give in to temptation and spend a couple of bleary-eyed hours at the keyboard to please it.

What I wanted to get:

  • the ability to create encrypted folders inside Dropbox;
  • working with the data inside them should be transparent to me and, ideally, no different from working with files in normal folders;
  • the solution should work on Mac OS X. Cross-platform support is not required but welcome.

TrueCrypt


My first thought was to use the time-tested TrueCrypt, which, moreover, is available for all systems. However, after thinking it over properly, I realized that this solution is not "transparent" enough for me, for several reasons:
  • too much space: the size of the encrypted container is fixed in advance, regardless of how much data is stored in it.
  • unnecessary steps: the container file is changed only when the encrypted volume is unmounted. So, to commit changes, you have to unmount it each time, and mount it again after syncing.
  • disproportionate traffic: even if just one byte inside the container has changed, the whole container has to be re-uploaded (not too fast, especially if the container is half a gigabyte and the Internet connection leaves a lot to be desired). As pointed out in a comment, Dropbox re-uploads not the entire file but only the changed parts.

FileVault

Having rejected the "whole container in one file" option, I decided to look toward file-by-file encryption. Mac OS X has a built-in tool for this purpose: FileVault. Among the advantages of this solution is easy setup: to activate it, just press the «Turn On FileVault» button in System Preferences > Security > FileVault. But it does not suit me because, first, FileVault encrypts the entire home directory (and I only need one folder in Dropbox), and second, I wanted at least some cross-platform support.

EncFS


In the end, I decided to use the EncFS cryptographic file system for my purposes. This open-source, FUSE-based file system provides transparent encryption of files, using an arbitrary folder as the place to store the encrypted files.

In our case, we specify a folder inside Dropbox as the storage for encrypted files, and a folder elsewhere as the mount point. Thus, the encrypted content is synchronized with the server, while access to the decrypted content goes through the mount point on our computer.

Unfortunately, EncFS is so far available only for Unix-like systems. A project to port it to Windows exists, but is currently in its infancy.

Installation
  1. First install Dropbox and MacPorts (if they are not installed yet).
  2. Install the EncFS package from ports:
    $ sudo port install encfs
  3. Create two folders: one for the encrypted files, inside Dropbox, and another for the decrypted files, in any location convenient for you.
    $ mkdir ~/Dropbox/Encrypted
    $ mkdir ~/Documents/Decrypted
  4. Create an encrypted volume:
    $ encfs /Users/%username%/Dropbox/Encrypted /Users/%username%/Documents/Decrypted
    Note that the paths to the folders must be given from the root. Instead of %username%, of course, substitute your user name.

    Volume creation is interactive. First, we are prompted to select the encryption settings:
    Creating new encrypted volume.
    Please choose from one of the following options:
    enter «x» for expert configuration mode,
    enter «p» for pre-configured paranoia mode,
    anything else, or an empty line will select standard mode.
    ?
    Selecting standard mode (any character except «x» and «p») creates a volume with the following parameters:
    Cipher: AES
    Key Size: 192 bits
    PBKDF2 with 1/2 second runtime, 160 bit salt
    Filesystem Block Size: 1024 bytes
    Filename Encoding: Block encoding with IV chaining
    Unique initialization vector file headers
    Selecting paranoia mode (the character «p») creates a volume with the most paranoid settings:
    Cipher: AES
    Key Size: 256 bits
    PBKDF2 with three second runtime, 160 bit salt
    Filesystem Block Size: 1024 bytes
    Filename Encoding: Block encoding with IV chaining
    Unique initialization vector file headers
    Message Authentication Code block headers
    External IV Chaining
    Entering «x» (expert mode) lets you set all the encryption settings manually. A brief description of what each of these parameters means can be found, for example, on Wikipedia.

    Next we are asked to enter and confirm a password for accessing the file system. This completes the creation of the encrypted volume.

  5. What remains is to set up automatic mounting of the encrypted volume. I did this by adding the following line to the crontab (replacing %username% and %mypassword% with the user name and the volume password, respectively):
    @reboot echo %mypassword% | /opt/local/bin/encfs --stdinpass /Users/%username%/Dropbox/Encrypted /Users/%username%/Documents/Decrypted
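
The crontab line in step 5 keeps the volume password in clear text inside the crontab. The script below is an added example, not part of the original post: it finds such entries and mounts the volume with `encfs --extpass` instead, so the password is read from the macOS keychain. The keychain service name `encfs-dropbox` and the sample crontab are constructed, and the mount is assumed to run after login, when the login keychain is unlocked.

```sh
#!/bin/sh
# Added example, not from the original post.

# Constructed sample crontab; line 2 is the step 5 entry with a made-up password.
SAMPLE_CRONTAB='# constructed sample
@reboot echo hunter2 | /opt/local/bin/encfs --stdinpass /Users/alice/Dropbox/Encrypted /Users/alice/Documents/Decrypted
0 3 * * * /usr/bin/true
@reboot /usr/local/bin/backup.sh'

# Print the line numbers of crontab entries that echo a literal value into
# encfs --stdinpass (or -S): the volume password then sits in clear text.
find_inline_passwords() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ { next }
        /echo[ \t]+[^|]+\|[ \t]*[^ \t]*encfs([ \t].*)?[ \t](--stdinpass|-S)([ \t]|$)/ { print NR }'
}

# Succeeds if something is already mounted on the given mount point.
is_mounted() {
    mount | grep -F -q " on $1 "
}

# Mount without putting the password in a crontab or on a command line:
# encfs runs the --extpass program and reads the password from its stdout.
# ASSUMPTION: a keychain item with the hypothetical service name
# "encfs-dropbox" holds the volume password and the login keychain is unlocked.
mount_encfs() {
    rootdir=$1
    mountpoint=$2
    if is_mounted "$mountpoint"; then
        echo "already mounted: $mountpoint"
        return 0
    fi
    encfs --extpass="security find-generic-password -s encfs-dropbox -w" \
        "$rootdir" "$mountpoint"
}

# Usage: script audit           (check the current user's crontab)
#        script mount ROOT MNT  (mount ROOT on MNT)
case "${1:-}" in
    audit) find_inline_passwords "$(crontab -l 2>/dev/null)" ;;
    mount) mount_encfs "$2" "$3" ;;
esac
```
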


Result

So, we got what we wanted: when a file is created or edited in the folder ~/Documents/Decrypted, its encrypted version appears in ~/Dropbox/Encrypted and is automatically synchronized with the Dropbox server.


Other systems

This solution is relevant not only for Mac OS; it can easily be applied to FreeBSD or Linux. The only differences are in how encfs is installed (from source, packages or ports) and in how the volume is automounted.

Ubuntu users can read about setting up the Dropbox + EncFS combination on Ubuntu Linux.
Added by: w1zard