Here at groovyPost we like keeping our data safe. From basic methods of protection, like a password, key, or a hidden directory, to heavy encryption methods and professional solutions to keep our data away from the wrong hands. Today we’ll review an incredibly easy to use encryption software, called BoxCryptor. Note from groovinJackman: This groovyReview has been in our hopper for some time, but I thought I’d push it up in the queue in light of the recent major Dropbox security SNAFU, where accounts were left wide open for as long as four hours due to an authentication bug. Dropbox and the blogosphere is now recommending adding an additional layer of security to Dropbox and other cloud services by using TrueCrypt, a groovy open source encryption software that we reviewed earlier (How to Encrypt Your Dropbox Folder). But if there’s one major drag about TrueCrypt, it’s that you have to keep everything in volumes/containers that have to be mounted in order to get at your stuff. If that bugs you, then you should check out this TrueCrypter alternative: BoxCryptor, which uses file-by-file encryption.

Downloading, Versions, Prices and Information:

You can quickly grab a copy of BoxCryptor from the official BoxCryptor download page and check out this amazing software for yourself. It offers three different versions for you to pick from – a Free version, with up to 2 GB of encrypted directory size and limitations to one computer. The Unlimited Personal and Unlimited Business, however, offer Unlimited encryption directory size and up to 4 installs on different computers. The only difference between Personal and Business is the fact that Business allows commercial usage, but personal doesn’t.

 

BoxCryptor Setup and Installation

As you know, our entire groovyPost team uses Dropbox for whatever files, documents, spreadsheets and video tutorials we need to share and host on the cloud. Well no doubts in saying that we were nicely surprised by the first message BoxCryptor gave us after the install:

Do we? Of course we do! The nice integration with Dropbox in BoxCryptor definitely saved us some time that we would have otherwise had to dedicate to configuring. Anyway, after pressing yes on the dialog you are left with the following window, from which you can also pick your BoxCryptor drive letter. I decided to use K – kind of like a groovy Internet slang – Kryptor.   You can also reach some more advanced settings, by checking Advanced Mode. When you enable it, you’ll get a brief warning:

Nicely said. Well, anyway, we’re pretty confident that we know what we’re doing so we’ll go ahead and Enable Advanced Mode with a big Yes. With advanced mode, you can enable or disable key and write validation, disable automatic updating and change the label for your BoxCryptor drive. Not that much additional options, but just enough to give us a bit more customization flexibility.

After choosing your desired location and configuring any additional preferences, you can move on. BoxCryptor will have you choose a password which you will use to access your encrypted documents. Do not lose your password—currently, there’s no way to recover your BoxCryptor password. If you want to, you can choose an encryption algorithm, block size and whether or not you  want to encrypt filenames as well.  If you don’t know what this means, leave the first two options at their default settings. You may want to disable filename encryption, as it makes it a bit easier to keep track of individual files when sharing them publically or with another Dropbox user.

 

Encrypting Your Dropbox Folder with BoxCryptor

If you are using Dropbox, BoxCryptor will create a folder in your Dropbox folder where the encrypted data is stored. To add encrypted files to this folder, simply move them to your mounted BoxCryptor drive (not the BoxCryptor folder in your Dropbox folder).

When you put files in the mounted BoxCryptor volume (K:), the encrypted version will automatically be placed in your Dropbox folder. Resultant filenames will look like this: And the contents will look like this:   And here is a side-by-side comparison of what files look like when encrypted (left) and what they would normally look like to you (right): \

Sharing Encrypted Files Across Computers

If you want to work with a BoxCryptor encrypted Dropbox folder on two machines that you use regularly (e.g. a work computer and a home computer), simply install BoxCryptor on both machines. When you install BoxCryptor on the second machine and tell it to use the existing BoxCryptor location on your Dropbox folder, it’ll prompt you to enter the password that you set up earlier. Now, you’ll have the unencrypted K:\ drive on both computers.

If you want to access your encrypted files on a guest machine or another infrequently used computer, you can use the BoxCryptor Portable version. It’s a simple .exe that you can run on your desktop to load encrypted directories without installing the full version of BoxCryptor. This is also handy if you want to share encrypted files via email or public links—just give them the password separately, e.g. over phone or in person and then feel free to send them the encrypted files, which they can decrypt on-the-fly. The best way to do this is to send entire zipped directories, because BoxCryptor gets a little finicky if you take an encrypted file out of its original folder. Because of this limitation, I guess it’s not a whole lot different from mounting volumes.   You can also save BoxCryptor Portable onto a thumbdrive or in your Dropbox folder so you’ll always have it with you. Just remember to keep your password secure! If you want to share encrypted files with Mac or Linux users, have them set up EncFS, which can decrypt BoxCryptor folders. There’s also a BoxCryptor Android app in the works, which will be the first of its kind. Can’t wait to check it out.  

The Verdict:

While TrueCrypt is probably the cloud encryption tool of choice for most users, it’s not exactly optimized for things like Dropbox and SugarSync. BoxCryptor gives a nice variation on the theme by attempting to offer a more file-by-file approach. There’s room for improvement, but so far, the software is slick and promising. It’s integration with Dropbox is already smooth and it’s great to know that the developer is placing a priority on cloud-based encryption. Definitely worth a download. Robert from BoxCryptor here. When you download an encrypted file from Dropbox’ web interface, you have to place the downloaded file into the source folder (e.g. Dropbox\BoxCryptor) and NOT in the BoxCryptor drive. Always remember: source folder = encrypted, drive = plaintext Note: BoxCryptor (and also EncFS) uses a configuration file (.encfs6.xml) in the root of your source folder. This file contains all the information required for encrypting or decrypting your files. You always need that file! So if you’re on a foreign computer and use BoxCryptor Portable, you also have to download the .encfs6.xml file to the root of your source folder. Isn’t the fact the the .encfs6.xml file is stored in the dropbox a security problem? If your dropbox is hacked, the hacker gets this file. Can you explain in detail why this isn’t a problem? no, this is not a security problem, because the important part (the volume key) of the .encfs6.xml is encrypted itself. BoxCryptor uses two keys for file encryption: a master key which is derived from a user supplied password and a volume key. All files are encrypted with a volume key which is generated when a new encrypted directory is created. The volume key is stored encrypted by the master key in the .encfs6.xml file. When BoxCryptor mounts an encrypted directory you have to enter the password. The password is used to derive the master key and the master key is used to decrypt the volume key which is then used for file encryption. We use PBKDF2 (see http://en.wikipedia.org/wiki/PBKDF2) with HMAC-SHA1, a salt and 5000 iterations to derive the master key from your password. This can be considered to be secure nowadays. (e.g. TrueCrypt uses only 1000 resp. 2000 iterations) I would then like to be able to install an iPhone App so I can still sync that encrypted data and access it on my iPhone. Right now if I can’t get to my dropbox data on my iPhone, I don’t have a reason for dropbox…. That’s my primary use case that I love about dropbox! Help! If the .encfs6.xml is deleted (either by accident or with intent), you loose complete access to your encrypted data, because the key for en-/decryption is stored in this file (as explained above). As with all important data, I recommend having a good backup strategy. I’m curious, you indicate that the .xml file contains the actual key used to encrypt the data, and that your password encrypts the .xml file. Is this a correct understanding? My main question is, if my assumptions are correct (which they may not be,) if the .xml file contains a key that is never changed (and is protected with the user password,) and then you change the password (say to a more secure password,) if someone obtained an old copy of the .xml file and the password, they would still be able to decrypt the data? Just curious, as I’m likely to change my password soon once I remember a stronger one. Josh. Yes, this is correct. Your password encrypts the volume key in the .xml file. And yes, your assumption is correct. If you have an old copy of the .xml file, you can still decrypt the files using the old password, because the volume key is not changed (it is just re-encrypted with the new password). In the latest version of BoxCryptor we introduced a command line switch where you can specify an alternate location of the .xml file. You could then store the .xml file outside of the encrypted folder so that it is not synced by Dropbox and transfer it by-hand to the other computers. (But this breaks compatibility with our mobile apps right now.) You can find more info here: http://blog.boxcryptor.com/boxcryptor-for-windows-v11-is-available –Robert Would be nice if BoxCryptor supported the later EncFS features, particularly IV chaining and such. But to begin with, I’m very happy there is such a solution that allows me to securely exchange files through Dropbox between multiple platforms. Thank you, BoxCryptor creator! Thanks! Comment Name * Email *

Δ  Save my name and email and send me emails as new comments are made to this post.

BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 31BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 70BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 30BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 84BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 65BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 72BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 6BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 24BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 14BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 96BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 8BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 31BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 35BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 96BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 86BoxCryptor  A TrueCrypt Alternative Designed for Dropbox Security - 52