Encryption (Part 3): How to Keep Secret Files in the Cloud

In an earlier post, I speculated that DropBox and TrueCrypt could be a killer combination — a painless way to keep confidential files encrypted while taking advantage of online backup and synchronization. I’ve been trying this out for a while now, and these two free tools work very well together. You’ll need an hour or two to set up the system, but after that it runs automatically. Your files are synchronized between your computers, backed up in the cloud, and unreadable to anyone else.

For DropBox, you can sign up with my referral code (you’ll get an extra 250 MB of free space, and so will I) or do the standard sign up. To keep your files encrypted, download TrueCrypt, its beginner’s guide, and information on portable use. The portable mode is useful if you want to keep TrueCrypt on a USB stick and run it on someone else’s computer.

Here are a few tips.

  • Install DropBox first.
  • Create a new TrueCrypt volume, following the wizard. You’re actually creating a large “container” file on your computer, but TrueCrypt will make it look to you like a second disk drive. Be sure to save the container in your DropBox folder.
  • As you run through the wizard, keep all of TrueCrypt’s default options except one. When you get to the following dialog, click the Dynamic checkbox and change Filesystem to NTFS. This lets your encrypted volume start small and grow as you add more data. You have to specify an upper limit. For instance, you can say the volume may grow up to 1 GB, but if you add only 100 MB of files the container file will be about that size. This feature makes synchronization with DropBox much faster.
  • I was wrong in my earlier post to say that the TrueCrypt container has to be completely uploaded again to DropBox every time you add, delete or edit a file on the encrypted volume. This is very good news. For technical reasons (if you really want to know, they involve TrueCrypt’s use of “block level encryption”), it turns out that DropBox only has to synchronize the bits of the container that have changed. And everything stays encrypted throughout the process.
  • Important: You should close DropBox before opening the encrypted volume on your computer. When you’re done with the volume, click the TrueCrypt button to dismount it. After that, launch DropBox to allow the changes to sync. If you keep DropBox on while you work with the TrueCrypt volume, you may be warned of a conflict.
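
To make the block-level point in the tips above concrete, here is an added Python example (not from the original post, and not TrueCrypt or DropBox code). It models a container whose sectors are encrypted independently, compares it with whole-file encryption that uses a fresh nonce on every save, and counts how many blocks a hash-based sync client would see as changed. The sector size, sync block size, key, and the SHA-256 keystream standing in for the real cipher are all assumptions chosen for the demo; the toy cipher only models which bytes change and is not secure.

```python
import hashlib

SECTOR = 512       # assumed encryption unit of the container
SYNC_BLOCK = 4096  # assumed sync chunk size, scaled down for the demo

def keystream(key, tweak, n):
    """SHA-256 in counter mode; a toy stand-in for a real cipher."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + tweak + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_sectorwise(key, plaintext):
    """Block-level model: each sector depends only on the key and its index."""
    out = bytearray()
    for off in range(0, len(plaintext), SECTOR):
        sector = plaintext[off:off + SECTOR]
        tweak = b"sector" + (off // SECTOR).to_bytes(8, "big")
        out += xor(sector, keystream(key, tweak, len(sector)))
    return bytes(out)

def encrypt_whole_file(key, nonce, plaintext):
    """File-level model: a fresh nonce per save re-randomises every byte."""
    return xor(plaintext, keystream(key, b"file" + nonce, len(plaintext)))

def changed_blocks(old, new):
    """Indices of sync blocks whose hashes differ between two versions."""
    size = max(len(old), len(new))
    return [off // SYNC_BLOCK for off in range(0, size, SYNC_BLOCK)
            if hashlib.sha256(old[off:off + SYNC_BLOCK]).digest()
            != hashlib.sha256(new[off:off + SYNC_BLOCK]).digest()]

def demo():
    key = b"constructed demo key"
    volume = bytearray(64 * SYNC_BLOCK)              # constructed 256 KiB volume
    before = bytes(volume)
    volume[10_000:10_020] = b"edited file contents"  # a 20-byte edit
    after = bytes(volume)
    sector_delta = changed_blocks(encrypt_sectorwise(key, before),
                                  encrypt_sectorwise(key, after))
    file_delta = changed_blocks(encrypt_whole_file(key, b"save-1", before),
                                encrypt_whole_file(key, b"save-2", after))
    return sector_delta, len(file_delta)

if __name__ == "__main__":
    print(demo())
```

The same locality means that anyone who can compare successive versions of the container learns which blocks changed, though not what they contain.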
  • keeses

    seems like FileVault combined with iDisk that have been part of Mac OS X and MobileMe for years. MobileMe costs money and DropBox is free for the most part.

  • http://www.bartongellman.com/ Barton Gellman

    I don’t know anything about iDisk and have only general familiarity with MobileMe. Can you use this combo to sync between Macs automatically, and to access your files from a borrowed computer? Are the files encrypted on MobileMe (I know they are inside FileVault) or does security rely on password protection for the account?
    In any case, TrueCrypt and DropBox both work on Mac and Linux as well as Windows — and you can have access to the same online encrypted data from all three platforms.

  • thatguyivan

    Hi Barton, thanks for another great post on some basic but effective security tips. I’m using the TrueCrypt+Dropbox solution as you propose with the minor change of having a fixed size for the volume instead of a variable one. If you do it like this the file size and the modification date won’t change so Dropbox won’t update changes on the file unless you go to settings > preferences and untick the option windows > preserve modification timestamp of file containers.

  • thatguyivan

    One comment on keeses’ comment: in Windows there is no iDisk application to install in order to connect to iDisk from Windows. Instead you can do it by mapping a network drive (a la WebDAV). Details are in support.apple.com/kb/HT3264. If I’m not mistaken, the disadvantage of using TrueCrypt+iDisk is having to upload the full container every time.
