Need to see if your shared folder is taking up space on your dropbox 👨💻? Find out how to check here.
Forum Discussion
Solved
Encrypting local copies of shared files and synchronizing
Hi,
I understand that encryption of the local copy of Dropbox files is my responsibility.
For various reasons, I do not want to encrypt the entire PC with Bitlocker and a boot password. I am using VeraCrypt and encrypting only those chunks of data that are "sensitive".
I am using Dropbox to work with various clients. If I encrypt my local copies of the files and then synchronize them, my clients have to unencrypt (with VeraCrypt) and each client needs their own password! (A nightmare to manage... even if they would be willing.)
VeraCrypt works by having an encrypted volume (a file) that is mapped to an unencrypted folder with a drive letter (L:\, for example). The unencrypted folder 'vanishes' when the file is unmounted, and this happens automatically when I switch off the computer or log out.
I create unencrypted file-level backups by backing up the unencrypted mounted folder to a (separately) encrypted location. Can I do the same with Dropbox?
To clarify:
If I create a file with VeraCrypt and map it to a folder (D:\) and then set DropBox to synchronize with D:\ (assuming I can do this), how will the mounting and unmounting of this volume be reflected? Will unmounting of D:\ (containing the local copies of DropBox files) be seen as having deleted them, so synchronization will delete them from the cloud side? Or will it just be seen as the drive not being available (as if it were a portable drive)? And conversely, if Dropbox starts first, will the absence of the mounted folder be an issue?
I can do some testing myself - but first will have to ask clients to unshare their files with me so things don't start synchronizing unexpectedly. I'm trying to avoid asking them to do that (and then reshare them afterwards) if people already know that this does not work.
Thanks in advance,
Alison
6 Replies
- Jay
Dropbox Community Moderator
Thanks very much for the prompt reply, Jay.
Pretty much as I feared, and I'm trying to remove the human being (me) from the equation as much as possible. I could prevent the Dropbox app from starting until everything is ready, but therein lies madness. Mine!
If it was just me needing to access the files, I'd encrypt before synchronising...
The only other things I can think of are:
- To create an encrypted partition that unencrypts on boot... but that is *almost* back to the Bitlocker scenario. (Others occasionally use my PC, I'd have to give them the boot password, and then we have humans in the loop again. :-)
- To stop their files from synchronizing so I have to access them online. Safer but MUCH less convenient!
I'll pass the problem on to the clients and see what their suggestions are - only two or three (so far) are affected. Either they will have thought of something already and not told me, or will not have given it a moment's thought...
Alison
- JayI hope you find a solution that’ll give you the least amount of admin to do on your end!
Just a sanity check... it sounds like the only really safe option is to encrypt the whole system and unencrypt on boot, so nothing can start synchronising until after the unencryption has completed.
If I understand your need... it sounds like I am doing the same thing without any issues.
I have a Veracrypt vault which looks like a single file ( eg A) to Dropbox but, when unencrypted, it mounts a new drive letter which can contain files B,C,D etc.
When I make changes to B,C, D then close the vault, this causes a change to A which prompts Dropbox to sync it.
I can access fille A ( and un-encrypt/encrypt) it from several locations.. using the same password.
Hope this helps.
In TruCrypt and VeraCrypt you can set up the container without a password but with one or more key files.
I have my user able to run the veracrypt command via sudo without a password, then I have my key file(s) on a USB drive, and then use this command line in linux to mount automatically.
sudo veracrypt -t -k "<where the usb drive mounts>/<keyfile>" -p "" --non-interactive --pim=0 --fs-options=owner --protect-hidden=no /<dir>/<encrypted container> /<mnt point>/Dropbox
Put the USB drive in and run the mount script that I have; mounts it and starts dropbox
To remove I run a umount script; stops dropbox and unmounts the container
So far I have had no luck geting it all working the way I like with udev ... but that will come along.
