Local data encryption for cloud storage
Old Companions
In addition to the programs designed for encrypting data in the cloud, Linux offers other cryptotools, including GnuPG [14] and the obsolete TrueCrypt [15], although it is now available as a fork named VeraCrypt [16].
GnuPG is typically used to encrypt email (e.g., for use with Enigmail [17]). Thanks to the tool, any Linux user can encrypt files locally and drop them into a cloud folder to synchronize the data. However, this solution requires some manual work. For example, you need to make sure not to send unencrypted content to the cloud folder or decrypt files in the wrong folder and then accidentally sync them to the cloud. If you still want to use GnuPG, you should think about using scripts that handle the important work steps, thus preventing errors.
Using TrueCrypt or its successor VeraCrypt (Figure 5), you can create encrypted containers that a folder intended for the cloud can then synchronize. Only users who know the password and have the container mounted will see the content. The disadvantages are that small changes to the files in the container affect the entire container, which means that unless the provider supports block-level synchronization, the service syncs the complete container, even if just one character changes in a file.
eCryptfs [18], which Ubuntu uses [19], is also worthy of mention. The kernel-based encrypted filesystem is mounted on an existing filesystem (e.g., ext4). eCryptfs then creates two directories (~/Private
and ~/.Private
) by default and writes the encryption information to the headers of the files to be encrypted. eCryptfs automatically stores files that the user saves to ~/Private
as encrypted files in ~/.Private
. From there, you can upload to the cloud. However, you can customize the software to suit your own needs and locate the encrypted folder in Dropbox. eCryptfs is not foolproof, however, because an attacker that gets hold of the password can read the encrypted user directories.
Conclusions
Programs that have been designed especially for encrypting cloud data seem to offer the better approach all told. Cryptomator is currently only available as a beta version; nonetheless, it still demonstrated the strongest performance in the lab. It also appears to be the easiest to use of the tested programs.
PanBox offers more features and therefore also requires more time for training. Assuming that the bugs encountered during testing are resolved in the future, PanBox also seems to be a strong candidate for handling data for the cloud.
Infos
- "Is your cloud drive really private? Not according to fine print" by Rosa Golijan, NBC News, March 15, 2013: http://www.nbcnews.com/technology/your-cloud-drive-really-private-not-according-fine-print-1C8881731
- Boxcryptor: https://www.boxcryptor.com
- Boxcryptor with Linux support: https://www.boxcryptor.com/en/classic
- PanBox: https://www.sirrix.com/content/pages/66722.htm
- PanBox code: https://github.com/Sirrix-AG/PanBox
- PanBox Enterprise: https://www.sirrix.com/content/pages/67191.htm
- PanBox download: https://www.sirrix.de/content/pages/66538.htm
- Oracle Java: https://www.oracle.com/java/index.html
- PanBox manual: https://cybersecurity.rohde-schwarz.com/sites/default/files/download/panbox_benutzerhandbuch_-_en.pdf
- Cryptomator: https://cryptomator.org
- Cryptomator source code: https://github.com/cryptomator/cryptomator
- Scrypt: https://www.tarsnap.com/scrypt.html
- Cadaver: http://www.webdav.org/cadaver/
- GnuPG: https://www.gnupg.org
- TrueCrypt: http://truecrypt.sf.net
- VeraCrypt: https://veracrypt.codeplex.com
- Enigmail: https://www.enigmail.net
- eCryptfs: http://ecryptfs.org
- eCryptfs in Ubuntu: https://help.ubuntu.com/community/EncryptedPrivateDirectory
« Previous 1 2
Buy this article as PDF
(incl. VAT)