Practical Remote Encrypted Storage

4joe2nd Apr 2009Administration, , , , ,

Introduction

I’ve been looking for an easy way to keep my important files off-site and secure at the same time. When putting together what I thought would be my perfect solution, I came up with the following features:

  • Automatic — no manual synchronizing or uploading.
  • Secure — encrypted file storage and file transfers.
  • Portable — works on multiple computers.
  • Free — because I’m cheap.

Trials and Errors

I tried a few ideas before figuring out my final solution.

First was CrashPlan. It allows you to install a free copy on several computers and exchange files between all of them. Because you know all of the computers, you should be able to trust where your data is. They also provide storage on their central server, but it is not free.

Next I tried configuring EncFs to encrypt home directories. My idea was to use SSHFS to connect to a remote Linux server that would have an encrypted home directory. I obviously did not do this right because I locked myself out of the server. Thankfully, it was a test virtual machine.

Duplicity is very cool and I have used it in the past. However, it’s not very user-friendly.

My Solution

I finally settled on a combination of Dropbox and EncFS. It works like this: Dropbox gives you 2GB of remote storage for free. They have clients for Mac, Windows, and Linux. You’re able to connect as many computers as you want to your Dropbox account and share files. Watch the Screencast — it’s really cool.

By utilizing EncFS, I was able to make an encrypted folder in my Dropbox. I then mount that encrypted folder on to my Desktop and I can now work with the decrypted files. Whenever I add files, Dropbox automatically detects this and uploads them.

As a bonus, I can install the same setup on another computer and access my files, make changes, and Dropbox will automatically synchronize everything.

Instructions

I use a Mac, so these instructions are Mac-specific.

  1. Get a Dropbox account.
  2. Install MacFUSE.
  3. Install Macfusion.
  4. Install EncFS for Mac. Note: you only need the EncFS package and not the EncFSVault.
  5. Install the EncFS Plugin for Macfusion.

Now everything is installed.

  1. Create a folder called encrypted in your Dropbox.
  2. Create a new EncFS Mount with Macfusion.
  3. Click “Create New File System” and browse to this encrypted directory.
  4. Set a passphrase
  5. In the Macfusion tab, set the Mount Point to your Desktop and call it Encrypted (/Users/joe/Desktop/Encrypted)
  6. Type “Encrypted” for the Volume Name as well.
  7. Mount

That should do it. You should now have a drive on your Desktop that will encrypt all files you place in it and send them to Dropbox. You can verify this by doing ls -l on the encrypted folder in your Dropbox — the data should not be recognizable.

Conclusion

I really like this solution as it has all the features I was looking for. Despite having to install 5 items, I think it’s really simple to set up.

This method also has a huge benefit over using an OS X-based Encrypted Disk Image or Sparse Image: if you used one of these, Dropbox would re-upload the whole file everytime you made a change. Even if your Disk Image is only 20mb in size, this is a huge burden. Using a new Sparse Bundle might have been an option, but these types of files are incompatible with Dropbox.

If you like this idea and plan to use it yourself, consider signing up for Dropbox using my referral link — I get free space when you do.

4 Comments Comments Feed

  1. Vano (April 26, 2009, 9:10 am).

    Did you actually try this with a secondary computer?

    It doesn’t work for me for the second mac, it gives an obscure error:

    “encfs_askpass (long hex numbers…) malloc: reference count underflow for 0xHEX_numbrers… break on auto_refcount_underflow_error to debug.”

    It mounts the volume but the directory is empty. The “Mount” button is also active in the Macfusion interface, so it hasn’t mounted the encfs.

    Your solution was the best I have come to find but unfortunately it doesn’t work for multiple setups which is the whole point of dropbox (for storage on S3, JungleDisk is imho better) :-(

    Any ideas?

  2. joe (April 26, 2009, 9:22 am).

    Hello,

    That’s really weird and I can’t explain why you’re getting that error. I’m currently using this setup frequently on my desktop and laptop and it has worked perfectly.

    Are there any major differences in the two Macs you’re using?

  3. Vano (April 26, 2009, 10:37 am).

    Hi there again,

    Actually I went crazy trying to find out what was going on, I tried with a clean enc and unenc dir and no go… so I reinstalled the whole Macfusion stuff and now it suddenly works. I did install everything correctly the first time. I think it has to do with restarting/logging in after installs or something. My guess is that the last instalation (EncFS Plugin) should be installed after the system has been restarted.

    Anyhow I have another problem, it seems that I cannot carry out normal Finder searches (nor spotlight) on the mounted encfs dirs.

    Can you get searches working on the mounted dirs?

    Thanks!

  4. Remote Encrypted Storage Revisited » joe.topjian.net (December 30, 2009, 1:47 am).

    [...] been using my Dropbox / encfs combination since April and it’s worked great. Lately, however, I’ve come across some [...]

Add a Comment