How to use BoxCryptor with EncFS in Ubuntu Maverick (10.10)

If you use BoxCryptor to encrypt (parts of) your Dropbox folder, an USB stick or an external harddisk and want to share the encrypted data with a computer running Linux or Mac OS X, a great feature of BoxCryptor is the compatibility with EncFS, an open-source cryptographic filesystem. As EncFS had some security issues in previous version, a prerequisite is to have EncFS version >= 1.7 installed. Unfortunatly Ubuntu and other Linux distributions still use older version of EncFS (e.g. 1.6) which can not be used to read files encrypted with BoxCryptor. This blog post will show you how to install and use the latest EncFS version 1.7.4 in Ubuntu Maverick.

1. Start the Synaptic Package Manager

• Click “System > Administration > Synaptic Package Manager”

2. Add the repository for the upcoming Ubuntu Natty

• Natty, the next version of Ubuntu, supports the latest version of EncFS and we can use its repository to install it.
• Click”Settings > Repositories”
• Click”Other Software > Add”
• APT line: “deb http://archive.ubuntu.com/ubuntu natty main universe”
• Close the dialog and reload the package information by clicking the “Reload” button

3. Install EncFS

• Search for “encfs” and mark the encfs package all additional required packages for installation
• Install the packages by clicking the “Apply” button
• Tip: Also install cryptkeeper for a graphical interface to manage EncFS

4. Remove Ubuntu Natty repository

• Choose “Settings > Repositories > Other Software”
• Uncheck the Ubuntu Natty repositories

5. Start Cryptkeeper

• Click “Applications > System Tools > Cryptkeeper”

6. Import the encrypted directory

• Choose “Cryptkeeper > Import EncFS folder” in the notification area
• Select the encrypted directory (the source directory for BoxCryptor)
• Select a desired mount point where you want the unencrypted data to appear

7. Mount the encrypted directory

• Choose “Cryptkeeper > [Mount point]” in the notification area
• E.g, “Cryptkeeper > /home/robert/Documents/Safe”

Tip: If you prefer working on the command line, here are the necessary instructions to install and use EncFS 1.7.4 in Ubuntu Maverick:

1. Open a terminal
2. Add “deb http://archive.ubuntu.com/ubuntu natty main universe” to /etc/apt/sources.list
3. Enter “sudo apt-get update”
4. Enter “sudo apt-get install encfs”
5. Remove the Natty repository from /etc/apt/sources.list again
6. Enter “sudo apt-get update”
7. Enter “encfs [destination mount point]“
8. E.g. “encfs ~/Dropbox/BoxCryptor/ ~/Safe”

BoxCryptor 0.5 Beta is Available

After the very positive feedback for the Alpha Release of BoxCryptor (e.g. GigaOM, ghacks and stadt-bremerhaven), I am happy to announce the first Beta Release of BoxCryptor. The most important improvement is the replacement of RC4 as encryption algorithm. BoxCryptor now uses the Advanced Encryption Standard with a key size of 256 bit (AES-256) to encrypt and decrypt files in block and stream mode. Block mode uses Cipher-block chaining (CBC) as encryption mode while stream mode uses Cipher feedback (CFB) in multiple passes with data order reversal between passes. Block mode is used for all fixed size filesystem blocks and stream mode is used for the last (partial) block at the end of a file. BoxCryptor uses deterministic initialization vectors for each block so that random access to blocks within a file are possible.

Although BoxCryptor is still only available for Windows, BoxCryptor now offers multi-plattform support because the encryption of BoxCryptor is compatible with EncFS, a cryptographic filesystem available for Linux and Mac OS X operating systems. That means, directories encryted with BoxCryptor on Windows can also be mounted with EncFS on Linux and Mac OS X computers. These are the two most important news, but the beta version also contains a lot of small bug fixes and other improvements like an automatic update check.

While the Alpha Release was completely free of charge, BoxCryptor will be a freemium (or shareware) product in the future where the free version should be sufficient for most users to secure their files at cloud storage providers like Dropbox.

• BoxCryptor Free supports encrypted directories up to 2 GB in size and may only be used for personal use.
• BoxCryptor Unlimited Personal does not limit the size of encrypted directories but may only be used for personal use.
• BoxCryptor Unlimited Business does not limit the size of encrypted directories and may also be used for commercial use

BoxCryptor Unlimited is not yet available because BoxCryptor is still in an eary beta phase, but it will be available when BoxCryptor has reached a stable state. Until then, only BoxCryptor Free is available for download.

Be aware that BoxCryptor is still in an early beta phase. It should work mostly as expected, but it could happen that errors occur. We recommend to not yet use it for important data without having a backup of this data. If you find any bug, please contact us. Check the FAQ page for more information.

Go to the BoxCryptor website.

BoxCryptor :: On-the-fly encryption for cloud storage

[The original post can be found on my private blog.]

Cloud storage is a great thing and I really love my Dropbox, but the absence of personal encryption was always a bumper for me. Although Dropbox (and many other cloud storage providers like Box.net) encrypt the data on their storage backend, you can not be 100% sure that your data is confidential because they own the key and are always able to access your data. They are not ‘zero-knowledge’ providers like Spideroak or Wuala!

That’s why it is mandatory to encrypt all confidential files already on the client side when using a cloud storage provider without ‘zero-knowledge’. The Dropbox Wiki offers some good tools to accomplish this requirement. Noteably these are: FreeOTFE, Truecrypt, EncFS and SecurStick. FreeOTFE and Truecrypt are quite popular, but use container-based files which occupy all the initial disk space and can not grow and/or shrink. SecurStick and EncFS are great because they work file-based and encrypt each file on its own. However EncFS is only available for Linux and MacOS users and SecurStick is based on WebDAV, besides that I didn’t like the overall handling of SecurStick.

As I was not happy with any of the existing solutions, I developed my own encryption tool which provides a similar experience to Windows users as EncFS does for Linux and MacOS users. BoxCryptor is a cryptographic virtual harddisk that encrypts all data On-the-fly in real-time. Encrypted data is stored transparently in an arbitrary directory.

Save files to the virtual harddisk and BoxCryptor encrypts them on-the-fly and stores the encrypted files in a directory or your choice, e.g. a directory that is synced to the cloud like your DropBox folder. When reading files from the virtual harddisk, BoxCryptor decrypts them on-the-fly so that they are accessible as any other unencrypted file. BoxCryptor takes care that all data is automatically encrypted and decrypted just before it is loaded or saved.

BoxCryptor currently encrypts files using a modified version of the RC4 encryption algorithm. I’m planning to support AES encryption in the near future, but the stream cipher RC4 was easier to implement for the beginning.

Be aware that this is  a very early release of BoxCryptor which is intended for testing purposes only! You should not yet use it for productive use! The current version 0.1.0 Alpha of BoxCryptor expires on 31st March 2011 and will provide read-only access to the encrypted files past this date. An updated and more stable version of BoxCryptor should be availble until then.

Go to the BoxCryptor website.