Seamless cloud crypto?
April 25, 2012 12:03 PM Subscribe
Does anyone know a good solution for encrypting a few folders as they get synced into the cloud, while seamlessly keeping them usable locally? Mostly word and PDF docs.
Basically, I'd just like the power to say "my Dropbox (and/or google drive etc.) folder gets encrypted before it goes up to the cloud," while also not having to decrypt each individual file when I open it up on my hard drive. Is this possible? I'm on a Mac, if it matters. (Will this just require encrypting the whole HD qua truecrypt? How would that work with downloading and decrypting individual files from cloud directly?)
Thanks!
Basically, I'd just like the power to say "my Dropbox (and/or google drive etc.) folder gets encrypted before it goes up to the cloud," while also not having to decrypt each individual file when I open it up on my hard drive. Is this possible? I'm on a Mac, if it matters. (Will this just require encrypting the whole HD qua truecrypt? How would that work with downloading and decrypting individual files from cloud directly?)
Thanks!
I use 7zip to archive and encrypt folders or individual files. I have stored these on Dropbox without a problem. I input a password when opening the folder or file.
posted by k8lin at 12:10 PM on April 25, 2012
posted by k8lin at 12:10 PM on April 25, 2012
I think he doesn't want to put a password in when opening the file locally.
posted by empath at 12:18 PM on April 25, 2012
posted by empath at 12:18 PM on April 25, 2012
SpiderOak has client-side encryption. It's not quite as slick as DropBox, but it's close (also free for a few GB, so easy to try out).
posted by introp at 12:19 PM on April 25, 2012
posted by introp at 12:19 PM on April 25, 2012
Hrmm, I would think you could do this with Keyboard Maestro or Hazel. Although it might require duplication.. I'm thinking:
1. Local Unencrypted Folder - not in the cloud
2. Hazel watches Local Unencrypted folder... moves it to a staging area. In the staging area, Hazel runs a script (applescript, probably) to encrypt the files... once they've been encrypted it moves them to Dropbox.
Would something like that be an option?
posted by backwards guitar at 12:20 PM on April 25, 2012
1. Local Unencrypted Folder - not in the cloud
2. Hazel watches Local Unencrypted folder... moves it to a staging area. In the staging area, Hazel runs a script (applescript, probably) to encrypt the files... once they've been encrypted it moves them to Dropbox.
Would something like that be an option?
posted by backwards guitar at 12:20 PM on April 25, 2012
Sorry, in step 2 instead of "moves it to a staging area":
"copies the files to a staging area"
posted by backwards guitar at 12:21 PM on April 25, 2012
"copies the files to a staging area"
posted by backwards guitar at 12:21 PM on April 25, 2012
I do this with truecrypt.
Truecrypt allows one to create files that mount as "drives", as well as whole partitions of a hard drive. On Windows and unix, you can mount these as directories; I'm not certain how that works on a Mac. All you then need to do is put the truecrypt volume on your dropbox/skydrive/box directory and everything happens automatically. Access to the files on the encrypted drive is transparent to applications.
A word of warning though, this is bandwidth intensive and can be slow to sync. Every time even the slightest change is made to the trucrypt volume, the entire volume has to be resent to the cloud server. This is the entire drive, all of it, every time. I tend to use this for document repositories that don't change much.
posted by bonehead at 12:48 PM on April 25, 2012
Truecrypt allows one to create files that mount as "drives", as well as whole partitions of a hard drive. On Windows and unix, you can mount these as directories; I'm not certain how that works on a Mac. All you then need to do is put the truecrypt volume on your dropbox/skydrive/box directory and everything happens automatically. Access to the files on the encrypted drive is transparent to applications.
A word of warning though, this is bandwidth intensive and can be slow to sync. Every time even the slightest change is made to the trucrypt volume, the entire volume has to be resent to the cloud server. This is the entire drive, all of it, every time. I tend to use this for document repositories that don't change much.
posted by bonehead at 12:48 PM on April 25, 2012
Response by poster: Bonehead -- follow-up to that: is it possible to open/individually decrypt a file from the web interface to the cloud service w/ that setup? Or do you have to download the whole volume?
posted by paultopia at 12:55 PM on April 25, 2012
posted by paultopia at 12:55 PM on April 25, 2012
If you're using a Mac on both ends, I'd do this:
1. Create an encrypted disk image. Save the password for this in your keychain, which by default will be unlocked whenever you're logged in.
2. Put the disk image in your Dropbox (or Google Drive or whatever) and save files in it.
One note: Dropbox (and Time Machine) will see the disk image as one single file, so whenever you make any change at all to any file in there, it'll have to upload a new copy of the entire image. If it's a very large disk image, this could take some time.
The reason I like this approach is that it's all stuff that's built into the Mac, so you don't need to install any special software to open the disk image, and it won't be broken by software updates.
posted by davextreme at 12:55 PM on April 25, 2012
1. Create an encrypted disk image. Save the password for this in your keychain, which by default will be unlocked whenever you're logged in.
2. Put the disk image in your Dropbox (or Google Drive or whatever) and save files in it.
One note: Dropbox (and Time Machine) will see the disk image as one single file, so whenever you make any change at all to any file in there, it'll have to upload a new copy of the entire image. If it's a very large disk image, this could take some time.
The reason I like this approach is that it's all stuff that's built into the Mac, so you don't need to install any special software to open the disk image, and it won't be broken by software updates.
posted by davextreme at 12:55 PM on April 25, 2012
The file you store on the web service is the whole volume. Think of it as similar to a zip archive of all the contents. You have to download the entire thing to get at your single file. Truecypt is not data-efficient.
Some limitations: Truecrypt also needs full administrator/superuser rights on your computer too, to do the necessary magic to get this transparency to work, even in "portable mode". You will not be able to use truecrypt on a thumbdrive in an internet cafe, for example (no should you want to really). I've also not found android or iOs clients for it.
posted by bonehead at 12:59 PM on April 25, 2012
Some limitations: Truecrypt also needs full administrator/superuser rights on your computer too, to do the necessary magic to get this transparency to work, even in "portable mode". You will not be able to use truecrypt on a thumbdrive in an internet cafe, for example (no should you want to really). I've also not found android or iOs clients for it.
posted by bonehead at 12:59 PM on April 25, 2012
If you're on a mac there's this as an option. I haven't tried it yet, but it looks like it could be used for any cloud-based storage.
posted by Runes at 1:24 PM on April 25, 2012
posted by Runes at 1:24 PM on April 25, 2012
Best answer: Is there a reason you *need* to use the cloud? You can roll your own dropbox clone with SparkleShare if you're a bit handy with the command line. That way the files can stay on an encrypted hard drive under your control. Not as many sharing options and whatnot, but it's free and a nice way to get things synced and backed up across multiple machines.
posted by pjaust at 7:42 AM on April 26, 2012 [1 favorite]
posted by pjaust at 7:42 AM on April 26, 2012 [1 favorite]
This thread is closed to new comments.
posted by qxntpqbbbqxl at 12:09 PM on April 25, 2012 [1 favorite]