How can I encrypt data in cloud storage services like Dropbox?
Solution 1:
Yes it is possible. The best way to archive this with a per file encryption is with encfs:
The general principle is that you have a (optionally hidden) encrypted folder inside UbuntuOne/Dropbox where your files are stored, but you access them though another folder, where the decrypted files are shown. Any File you add to the decrypted folder will be encrypted and put into the encrypted folder:
Decrypted folder ←encfs→ Encrypted Folder (inside UbuntuOne/Dropbox)
On another computer the encrypted folder is synced by UbuntuOne/Dropbox and can also be decrypted on the fly.
Installation:
-
Install encfs version 1.7 or greater
sudo apt-get install encfs
-
install gnome-encfs-manager:
sudo add-apt-repository ppa:gencfsm/ppa sudo apt-get update && sudo apt-get install gnome-encfs-manager
Setting up the Drive on the first computer:
- Create a (hidden) directory inside Dropbox/Ubuntu One to use as for the encrypted files
- Start gnome-encfs-manager and set up a new stash (click on the plus sign)
- Set the directory to encrypt to a (hidden) folder inside your Dropbox/Ubuntu one folder
- Set the mount directory wherever you want (default is fine)
- enter a good password (30 random chars...) and click "Create"
- edit the new stash so it is mounted on startup and the password is saved in the gnome keyring
You should now have your encrypted drive mounted (it will be displayed like a mounted usb-drive)
Importing the drive on other computers:
- Wait for all files to sync
- Start gnome-encfs-manager and set up a new stash
- Set the directory to the previously created folder inside your Dropbox/Ubuntu
- encfs-manager will detect the drive and import it
- Set the mount directory wherever you want (default is fine) and click "Import"
- edit the new stash as desdribed above
- you will be asked for your password on first mount
Cross Platform compatibility:
- This is cross compatible with Android when using Encdroid (open source, recommended) or Cryptonite (open source). Both Android Apps support Dropbox and should also work with UbuntuOne using local folder decryption (in combination with an UbuntuOne client which syncs your files onto the SD Card)
- This is probably also compatible with windows using encfs4win or other software.
Solution 2:
The only good way to do this is to first encrypt the files locally, then move them to the Ubuntu One folder. If you make an encrypted partition or container and then choose to sync that with Ubuntu One, you risk syncing the unencrypted data. See here for one approach using encFS. It has it's limitations though.
An alternative is SpiderOak, which works like Ubuntu One but encrypts everything before it leaves your machine. They claim they have no way to recover your data if you forget your password, and it even has two-factor authentication. Last I tried it, it would slow down my machine for several minutes after booting while it scanned my drive, but this may have been fixed by now. Also, it's 2GB free vs Ubuntu One's free 5GB.
Here is another Ask Ubuntu post detailing some of the issues you raise.
Solution 3:
I can propose you the Wuala service here: http://www.wuala.com/en as an alternative to Spideroak. Almost same functionalities.
But, if you really want to control the encryption yourself, I can propose you to use Ubuntu One and Déjà-Dup (backup tool) together. You use the server space of Ubuntu One for your data, but you upload the data through Déjà-Dup using a password. Déjà-Dup will encrypt the data with your password. I think this is the best solution: simple and secure.
Solution 4:
You could possibly make use of EncFS (http://www.arg0.net/encfs). Use the Ubuntu One directory to store the encrypted file system, while mounting it somewhere else. For example, using the following setup.
-
~/Ubuntu One/.encrypted
- the hidden encrypted files -
~/Ubuntu One (encrypted)/
- the visible decrypted files
This however will make the number of files, directory and file structure, and their sizes visible, so it's not an ultimate solution.
Read here for more details of how to set it up, and here for some basic information about advantages and disadvantages.