May 6, 2011 at 00:58

Making encryption in Dropbox Mac (compatible with Linux)


    Over the past month there have been several publications on Habr about the security of information storage on Dropbox . And, apparently, the information there, indeed, is not completely safe to store.
    At least Dropbox employees can access it, and at most I don’t even want to think about who. I actively use storage to synchronize a home laptop with a working computer. I have the Adium data folder on Dropbox (I don’t want anyone to read May history), 1Password (well, thank God everything is encrypted there, I hope), folders for projects and documents (not the most important of course, but I really would not want to so that the documents, let alone projects fall into the wrong hands). I must say that I take the safety of my information quite seriously - the system disk is fully encrypted, the TrueCrypt container for important files, I store the keys on the etoken well, etc. And this insecurity of Dropbox always bothered me and after the last publications I started looking for a solution how to encrypt information in the repository.overwriting the entire container with each change is unrealistic, but manually or after unmounting it is very inconvenient to synchronize the container with the Dropbox server only when unmounting (not through the Finder, but through TrueCrypt itself, it must be unmounted), by the way, I checked that the whole container is not poured onto the server when each change, and, apparently, the changed blocks are synchronized.
    A little google, I found a solution based on EncFS , the files in this file system are encrypted each separately, which is what we need. The solutions for Ubuntu and Mac OS Leopad are described, although judging by the reviews, you can install them on Snow Leopad.
    So let's get started ...

    Install MacFUSE 2.0 . FuseIs a module for kernels of Unix-like OS. It allows users without privileges to create their own file systems without having to rewrite the kernel code. This is achieved by running the file system code in user space, while the FUSE module only provides a “bridge” for the actual kernel interfaces. FUSE was officially incorporated (merged) into the main Linux code tree) in version 2.6.14. MacFUSE is the port for the poppy, download here http://code.google.com/p/macfuse/downloads/list and install:




    Install MacFusion . MacFusion is a graphical interface for MacFUSE, which is built on the basis of plugins. Included are plugins for mounting via FTP and SSH. Download the latest version of MacFusionand install (copy Macfusion.app to the / Applications folder).

    Install EncFS  - this is a FUSE-based cryptographic file system that transparently encrypts files using an arbitrary directory as a place to store encrypted files (we will put this directory in Dropbox).
    When mounting EncFS, the source directory (the source directory with encrypted files) and the mount point are indicated. After mounting, each file in the mount point directory corresponds to a specific file from the encrypted directory. Thus, in the mount point directory, the source directory files in unencrypted form are presented. Files are encrypted using a key, which in turn is stored in the same directory as the encrypted files, in encrypted form. The password entered by the user from the keyboard is used to decrypt this key. Download the port for Mac OS X here and set:




    Now the most interesting. We need to install the MacFusion plugin for EncFS and there is one, you can download it here, but it does not work on a 64x-bit system - for some reason, the author compiled it only for i386. But there is a way. So in order.

    For owners of 32x-bit and 64x-bit systems - download EncFS Plugin.dmg and install:




    for 64-bit systems:
    download source files compiled for x64,
    for example, in the terminal
    cd ~
wget http://upload24.net/EncFS.mfplugin_x64.tar.gz


    remove the installed 32x-bit plugin 
    sudo rm -r -f /Library/Application\ Support/Macfusion/PlugIns/EncFS.mfplugin/

    and unzip to its place 64x-bit
    sudo tar -xzf EncFS.mfplugin_x64.tar.gz -C /Library/Application\ Support/Macfusion/PlugIns/

    now everything you need is installed - configure,

    create the EncFS storage
    mkdir /Users/drew/Dropbox/.sec
mkdir /Users/drew/secDropbox
encfs /Users/drew/Dropbox/.sec /Users/drew/secDropbox



    we start MacFusion




    and add storage,






    then unmount the created storage through Finder




    and mount it through MacFusion,




    that’s all, check the work ... Copy some folders and files to / Users / drew / secDropbox




    this is how the container looks




    Naturally, not only the names are encrypted, but the files inside.

    PS on the second and subsequent computers that are synchronized with Dropbox there is no need to create storage, i.e. exclude
    mkdir /Users/drew/Dropbox/.sec
encfs /Users/drew/Dropbox/.sec /Users/drew/secDropbox


    Sources:
    1. Dropbox Encryption w / EncFS on MacOS X
    2. How to install EncFS for Macfuse on Mac OS X
    3. A plugin for Macfusion 2
    4. wikipedia

    Additional links:
    porting EncFS for Windows
    Tags:

    Also popular now: