Leo, would you consider doing a webinar on TrueCrypt and Dropbox? I always
search Ask Leo! before I ask you a question, however, the hits that came up when
I searched for TrueCrypt/Dropbox were so numerous and the external sites often
so wordy that I thought… Ask Leo! So maybe you could do a webinar on
In this excerpt from Answercast #17, I talk about encrypting Dropbox files with TrueCrypt and the concepts that need to be understood before proceeding.
TrueCrypt and Dropbox
So I don’t think it’s really worthy of a full webinar; the concept is actually very simple and somewhat… well, I’ll just say frustrating!
What most people would love is an integrated solution where the files you place into Dropbox are automatically encrypted before they are uploaded. Unfortunately, TrueCrypt won’t really do that.
TrueCrypt creates encrypted containers that you mount and deal with as a separate drive letter.
I happen to use TrueCrypt and Dropbox together. Don’t get me wrong. It’s certainly possible, but I want to explain how that’s set up, and how it works, and what it doesn’t do.
So I have Dropbox.
In Dropbox, I have a TrueCrypt container; call it “container.tc.” Whenever I fire up Dropbox, that container is automatically synchronized across all the machines that I happen to have Dropbox installed on:
- It’s up in the cloud.
- It’s on my laptop.
- It’s on my desktop.
- And so forth.
Now, as a separate step: I then mount that container in TrueCrypt and it appears as a separate drive.
So, for example, I happen to mount mine as the drive P. Now what I see on my machine is that drive P contains all of these personal files of mine. They are available to me, decrypted, just like you would use TrueCrypt normally. But the container file in which they reside sits within Dropbox.
A mounted container is locked
Now, here’s where the problem is. Here’s where things kinda sorta break down.
As long as the container is mounted, that is, as long as the files are accessible to you so that you can make changes to them in the encrypted container, the container file is locked:
- Dropbox cannot update the file as changes are made.
- It can’t upload it or synchronize it.
- It’s blocked from being able to do that.
It’s only when you dismount the container that Dropbox can finally say, “Oh, I can get these things. Hey, it’s changed. I’ll go ahead and upload it and synchronize it with the other PCs.”
Adjusting how you use Dropbox
The reason this tends to be somewhat frustrating is you have to adjust how you use Dropbox, the encrypted container, and the files in the encrypted container in order to use them in Dropbox.
Normally with Dropbox, you make a change to a file, you save it, and it automatically gets synchronized.
If that file is within a TrueCrypt container that is in Dropbox, that doesn’t happen. You can change all of the files in the encrypted container, but it’s not until the encrypted container gets dismounted that Dropbox can actually do its work.
I’ve heard of a couple of add-ons that may do some kind of transparent on-the-fly encryption at the file level. I’ve not tried any of them, but that’s the kind of thing it would take to work seamlessly in Dropbox.
Usage pattern for encrypted files
The model that I just described works really well for me. I tend to only use my encrypted container on one machine for a lengthy period of time. I literally end up dismounting it and going to another machine to mount it again if I’m going to switch machines. I can also mount it “read only” if I need to on other machines to avoid any kind of simultaneous update problem.
If you make a change on machine A and a change on machine B to the encrypted container at the same time, Dropbox won’t know which one it’s supposed to keep. Now, of course, it has no way to merge. It turns out to be something that you have to resolve yourself. So, it’s not transparent; it’s not as pretty as we’d like it to be.
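A way to spot the simultaneous-update situation described above, as an added example that is not part of the original article: the script looks in a Dropbox folder for conflicted copies of the container and checks whether each one actually differs from the current container. It assumes Dropbox's "(NAME's conflicted copy YYYY-MM-DD)" file naming; the folder contents, machine names, and dates in `demo()` are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed Dropbox naming for the version that lost the sync race:
#   "<stem> (<who>'s conflicted copy YYYY-MM-DD)<ext>"
CONFLICT_RE = re.compile(
    r"^(?P<stem>.+) \((?P<who>.+)'s conflicted copy (?P<date>\d{4}-\d{2}-\d{2})\)$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks; containers are often hundreds of megabytes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_container_conflicts(dropbox_dir, container_name="container.tc"):
    """List conflicted copies of the container and whether they differ from it."""
    root = Path(dropbox_dir)
    main = root / container_name
    main_hash = sha256_file(main)
    report = []
    for p in sorted(root.glob("*" + main.suffix)):
        m = CONFLICT_RE.match(p.stem)
        if m and m.group("stem") == main.stem:
            # A differing copy is a whole separate encrypted volume: it cannot be
            # merged, only mounted (read-only) beside the main one and compared.
            report.append({"file": p.name, "who": m.group("who"),
                           "date": m.group("date"),
                           "identical": sha256_file(p) == main_hash})
    return report

def demo():
    """Build a constructed Dropbox folder and scan it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "container.tc").write_bytes(b"A" * 4096)
        (root / "container (LAPTOP's conflicted copy 2012-05-17).tc").write_bytes(b"B" * 4096)
        (root / "container (DESKTOP's conflicted copy 2012-05-18).tc").write_bytes(b"A" * 4096)
        (root / "notes.txt").write_text("ordinary unencrypted Dropbox file")
        return find_container_conflicts(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

A copy reported as identical can simply be deleted; one that differs holds changes made on the other machine and has to be reconciled by hand.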
I use an encrypted container for some stuff; then I have the stuff that is seriously private stuff that I really want to be encrypted. But I’ve got hundreds, maybe thousands, of other files in Dropbox that are not encrypted, that operate as Dropbox normally does.
So TrueCrypt and Dropbox together – it’s not really a marriage made in heaven. It’s sort of a forced relationship; it can work, but it’s not necessarily as clean as we might want it to be.