Dropbox with EncFS for Privacy

I have put together a way to keep files private yet still have them backed up by Dropbox. It works on Linux and OS X. Jump to the instructions if you want to get right to it.

Edward Snowden sparked a public conversation about internet and communication privacy. He has supplied many revelations about how the United States' NSA is capturing data on a large scale. This has caused people to think differently about using internet services. I hope that instead of avoiding sending information through the internet and reverting to a pre-internet age, the revelations will advance the widespread use of cryptography and help start a new era of privacy.

Dropbox encrypts files in transmission from your devices and while they reside on Dropbox servers. However, in order to enable features such as deduplication and simple web-access, Dropbox holds the encryption key on their server. Therefore, they have the ability to decrypt your files and give access to the NSA, for instance. Dropbox states that they will only do so if ordered by the court, but if you encrypt the files before sending them to Dropbox and keep the key secret yourself, they will not have the ability to reveal your files. EncFS is an excellent tool that enables you to get set up like this. EncFS lets you store files encrypted in one folder, but mount them in the clear in another. The folder with the encrypted files is full of files and folders with names like 'ExQLWRksKsHo2iWbuIFYRs4n'. This folder resides in your Dropbox folder, so it is backed up and synced without you having to take action. EncFS allows you to mount the folder at another location where you can see the decrypted files. This is where you interact with your files as normal. Dropbox only gets to see the files in their encrypted form. The decrypted files only exist on your machine while the EncFS process is running. The NSA, Dropbox, or anyone else would have to break the encryption to be able to read your files, which is unlikely.

Breaking the encryption is unlikely, but not impossible. Recently I read a security audit of the EncFS source code. This ten-hour paid audit revealed many issues. Writing cryptographic software is very hard (a security researcher I enjoy reading likes to point this out); one programming mistake can be exploited by a motivated and funded attacker to decrypt your files. This situation is entirely possible with the system I have set up based on EncFS. I find this an acceptable risk because I don't anticipate my data being targeted by a motivated and funded attacker. I also could not find another solution that was able to provide compatibility with Dropbox and also work under Linux and OS X. However, if you're trying to avoid close scrutiny from a powerful adversary, you should find a better solution.

To set this up on Linux, install the encfs package. This can be done on Ubuntu with this command:

sudo apt-get install encfs

To install EncFS on OS X, you need to install osxfuse along with encfs. I like to use brew to install the Linux programs that are missing from OS X. I've also started using brew cask to install non-command-line applications easily. These commands will get it done:

brew update
brew doctor # Always good to check with the doctor
brew install brew-cask
brew cask install osxfuse
brew install encfs

The next step is to create the directories for your new setup. The first folder will be the encrypted one that will live in Dropbox and the second will only be on your local machine:

mkdir ~/Dropbox/.encrypted
mkdir ~/Private

Set up the encryption with EncFS. It will walk you through the setup asking you questions as you go:

ubuntu@lore:~$ encfs ~/Dropbox/.encrypted/ ~/Private/
Creating new encrypted volume.
Please choose from one of the following options:
 enter "x" for expert configuration mode,
 enter "p" for pre-configured paranoia mode,
 anything else, or an empty line will select standard mode.
?> p

Paranoia configuration selected.

Configuration finished.  The filesystem to be created has
the following properties:
Filesystem cipher: "ssl/aes", version 3:0:2
Filename encoding: "nameio/block", version 3:0:1
Key Size: 256 bits
Block Size: 1024 bytes, including 8 byte MAC header
Each file contains 8 byte header with unique IV data.
Filenames encoded using IV chaining mode.
File data IV is chained to filename IV.
File holes passed through to ciphertext.

-------------------------- WARNING --------------------------
The external initialization-vector chaining option has been
enabled.  This option disables the use of hard links on the
filesystem. Without hard links, some programs may not work.
The programs 'mutt' and 'procmail' are known to fail.  For
more information, please see the encfs mailing list.
If you would like to choose another configuration setting,
please press CTRL-C now to abort and start over.

Now you will need to enter a password for your filesystem.
You will need to remember this password, as there is absolutely
no recovery mechanism.  However, the password can be changed
later using encfsctl.

New Encfs Password:
Verify Encfs Password:
ubuntu@lore:~$

I chose paranoia mode, generated a passphrase for use as the EncFS Password, and stored it in my KeePass file. Now try out the new setup by creating a file in ~/Private, and then checking what happens in ~/Dropbox/.encrypted.

ubuntu@lore:~/Private$ echo "This is top secret." \
> secret_file.txt
ubuntu@lore:~/Private$ ls -l
total 4
-rw-rw-r-- 1 ubuntu ubuntu 20 Aug 18 03:33 secret_file.txt
ubuntu@lore:~/Private$ cat secret_file.txt
This is top secret.
ubuntu@lore:~/Private$ cd ~/Dropbox/.encrypted/
ubuntu@lore:~/Dropbox/.encrypted$ ls -l
total 4
-rw-rw-r-- 1 ubuntu ubuntu 36 Aug 18 03:33 2NtUSziTJZwvmLZLombfEs3P
ubuntu@lore:~/Dropbox/.encrypted$ cat 2NtUSziTJZwvmLZLombfEs3P
~ ?ƾ���O��
�'G��^mE�

This shows that the file appears as a typical readable file when read from the ~/Private directory, but when you look at the file as it appears in ~/Dropbox/.encrypted/, the data is encrypted and unreadable. The setup also created a .encfs6.xml file in your ~/Dropbox/.encrypted folder. It looks something like this:

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE boost_serialization>
<boost_serialization signature="serialization::archive" version="9">
<cfg class_id="0" tracking_level="0" version="20">
    <version>20100713</version>
    <creator>EncFS 1.7.4</creator>
    <cipherAlg class_id="1" tracking_level="0" version="0">
        <name>ssl/aes</name>
        <major>3</major>
        <minor>0</minor>
    </cipherAlg>
    <nameAlg>
        <name>nameio/block</name>
        <major>3</major>
        <minor>0</minor>
    </nameAlg>
    <keySize>256</keySize>
    <blockSize>1024</blockSize>
    <uniqueIV>1</uniqueIV>
    <chainedNameIV>1</chainedNameIV>
    <externalIVChaining>1</externalIVChaining>
    <blockMACBytes>8</blockMACBytes>
    <blockMACRandBytes>0</blockMACRandBytes>
    <allowHoles>1</allowHoles>
    <encodedKeySize>52</encodedKeySize>
    <encodedKeyData>
3ZsQ5d7IQekimg8voSvOcSyCV22omVxr+8si2oUx3vhIhpUWoBBk7pNnwpwZC0/5AZTw+Q==
    </encodedKeyData>
    <saltLen>20</saltLen>
    <saltData>
e92YBjnBkWDZoBFJJ8gP2/snhOU=
    </saltData>
    <kdfIterations>505313</kdfIterations>
    <desiredKDFDuration>3000</desiredKDFDuration>
</cfg>
</boost_serialization>

This file contains some of the information EncFS needs to decrypt your files: the cipher settings, the salt and KDF iteration count used to derive a key from your passphrase, and the volume key itself, wrapped under that derived key. EncFS also needs your passphrase, of course. It might make life for an attacker harder if you could alter your setup slightly so that this file never goes to Dropbox either, but I do not believe this is strictly necessary. If you did, you would have to move the file manually to each computer that needs to decrypt your files. The next step is to set this up to mount automatically.
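As an added check that is not part of the original post: a small Python 3 script that parses a .encfs6.xml like the one above and flags any setting weaker than the paranoia profile (no MAC header, IV chaining disabled, short key, or a key/salt blob whose length disagrees with the declared sizes). The embedded sample is the page's own config with whitespace collapsed; the KDF iteration floor is this example's own heuristic, not an EncFS value.

```python
import base64
import xml.etree.ElementTree as ET

# Copy of the .encfs6.xml shown above (paranoia mode, EncFS 1.7.4), whitespace
# collapsed; the key and salt blobs are the page's sample values.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE boost_serialization>
<boost_serialization signature="serialization::archive" version="9">
<cfg class_id="0" tracking_level="0" version="20">
<version>20100713</version><creator>EncFS 1.7.4</creator>
<cipherAlg class_id="1" tracking_level="0" version="0"><name>ssl/aes</name><major>3</major><minor>0</minor></cipherAlg>
<nameAlg><name>nameio/block</name><major>3</major><minor>0</minor></nameAlg>
<keySize>256</keySize><blockSize>1024</blockSize><uniqueIV>1</uniqueIV>
<chainedNameIV>1</chainedNameIV><externalIVChaining>1</externalIVChaining>
<blockMACBytes>8</blockMACBytes><blockMACRandBytes>0</blockMACRandBytes><allowHoles>1</allowHoles>
<encodedKeySize>52</encodedKeySize>
<encodedKeyData>3ZsQ5d7IQekimg8voSvOcSyCV22omVxr+8si2oUx3vhIhpUWoBBk7pNnwpwZC0/5AZTw+Q==</encodedKeyData>
<saltLen>20</saltLen><saltData>e92YBjnBkWDZoBFJJ8gP2/snhOU=</saltData>
<kdfIterations>505313</kdfIterations><desiredKDFDuration>3000</desiredKDFDuration>
</cfg></boost_serialization>"""

def audit_encfs_config(xml_text, min_kdf_iterations=100000):
    """Return (settings, findings); findings list anything weaker than the
    paranoia profile above. The iteration floor is this example's heuristic."""
    cfg = ET.fromstring(xml_text).find("cfg")
    get = lambda tag: cfg.findtext(tag, "").strip()
    s = {"cipher": get("cipherAlg/name"), "key_bits": int(get("keySize")),
         "mac_bytes": int(get("blockMACBytes")), "unique_iv": get("uniqueIV") == "1",
         "chained_name_iv": get("chainedNameIV") == "1",
         "external_iv_chaining": get("externalIVChaining") == "1",
         "kdf_iterations": int(get("kdfIterations")),
         "encoded_key_len": len(base64.b64decode(get("encodedKeyData"))),
         "salt_len": len(base64.b64decode(get("saltData")))}
    findings = []
    if s["cipher"] != "ssl/aes" or s["key_bits"] < 256:
        findings.append("cipher/key size weaker than AES-256")
    if s["mac_bytes"] == 0:  # standard mode leaves this at 0
        findings.append("blockMACBytes=0: blocks carry no integrity check")
    for flag in ("unique_iv", "chained_name_iv", "external_iv_chaining"):
        if not s[flag]:
            findings.append(flag + " disabled (paranoia mode enables it)")
    if s["kdf_iterations"] < min_kdf_iterations:
        findings.append("kdfIterations=%d below floor %d" % (s["kdf_iterations"], min_kdf_iterations))
    # EncFS stores the volume key as key bytes + cipher IV (16 for AES) +
    # 4-byte checksum, so AES-256 gives 32 + 16 + 4 = 52 (encodedKeySize).
    if s["encoded_key_len"] != int(get("encodedKeySize")) or s["encoded_key_len"] != s["key_bits"] // 8 + 20:
        findings.append("encodedKeyData length does not match key size")
    if s["salt_len"] != int(get("saltLen")):
        findings.append("saltData length does not match saltLen")
    return s, findings
```

Run it against the .encfs6.xml of a volume you created in standard mode to see the MAC finding appear.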

To mount the folder on Linux, I use the gnome keyring to store the passphrase that unlocks the EncFS folder. I add the passphrase as a key named 'bj_encrypted_dropbox' on the gnome keyring (The program to edit the gnome keyring is called 'Keys and Passwords'). This keyring can store secrets for you and is unlocked when you login to your machine. I adapted a command line utility that will return passphrases from the gnome keyring using the python gnomekeyring library:

#!/usr/bin/env python2
"""Print the secret of the first gnome keyring item whose name contains the query."""

import sys
from optparse import OptionParser

import gnomekeyring as gk

# Parse the command line options using OptionParser
usage = "usage: %prog -q SUBSTRING"
parser = OptionParser(usage)
parser.add_option("-q", "--query", dest="quer",
                  help="Query for the secret whose name contains this string")
(options, args) = parser.parse_args()
if not options.quer:
    parser.error("a query string is required")

keyring = 'login'
login_keys = {}
# Build dict of display name -> item id for the login keyring
for key_id in gk.list_item_ids_sync(keyring):
    item = gk.item_get_info_sync(keyring, key_id)
    login_keys[item.get_display_name()] = key_id
# Print the first secret whose name matches the query, with no trailing
# newline so it can be piped straight into 'encfs -S'
for key_name in login_keys:
    if options.quer in key_name:
        sys.stdout.write(gk.item_get_info_sync(keyring, login_keys[key_name]).get_secret())
        sys.exit(0)
# No match: exit non-zero so the caller can notice instead of mounting with an empty passphrase
sys.exit(2)

The last needed piece is a small shell script that can run after you are logged in that will mount your encrypted folder:

#!/usr/bin/env bash
# Adjust these two paths to the folders you created above (the names here are
# the ones I use on my own machine). qkeyring is the Python script above.
ENCRYPTED=/home/bpotter/Dropbox/bj_private
CLEAR=/home/bpotter/Private

echo "Mounting ~/Private"
# -S makes encfs read the passphrase from stdin instead of prompting
qkeyring -q bj_encrypted_dropbox | encfs -S "$ENCRYPTED" "$CLEAR"

For OS X, I found a helper script that you can put in your Applications folder and launch after you log in. This program uses the OS X keychain, which operates similarly to Gnome Keyring. I had to go into the application and edit a few lines to make the directories and configuration files match what I use for EncFS. If you look at '/Applications/DropSec.app/Contents/MacOS/dropsec.sh' after installing the helper script, you will see that this is just a shell script, much like what I did for Linux. Change the paths to the folders and your '.encfs6' file to match what you have. Then you simply have to run the DropSec app and the clear folder will be mounted.

You can discuss this on Hacker News


Written by B. J. Potter on 2015-02-24.
Tags: Privacy Security Cryptography