Encrypt all the things - How to store your data safely ANYWHERE.

Goals for this list:

  1. Tools to be open source.
  2. Rate the ease of use of each.
  3. Define the encryption standards.
  4. Explain the pros and cons of each.

1. Cryptomator

-> Ease of use: 4.5/5

Top of the list (easily), Cryptomator is one of the most straightforward, tried-and-tested tools out there. Built to work with cloud as well as local encryption, it has iOS, Android, macOS, Windows, and Linux applications that are easy to use. It also has some great ties with other tools (not open source, but worth a look).

So clean and easy
  • Good encryption and brute force protection
  • Easy to use with nearly any cloud provider (built-in integrations with several)
  • Cross-platform (iOS, Android, Linux, Windows, Mac)
  • Very well recognized and active development
  • Encrypts file-by-file, not within a container (compare this with VeraCrypt)
  • Slow transfer speeds (Max ~ 15–150MiB/s depending on platform (Windows is best, Linux/Mac the worst))
  • Mobile Apps not open source
  • Managing across devices can be complicated.

Use it:

2. VeraCrypt

-> Ease of use: 3.5/5

Daunting but easy once you do it once.
  • The ability to create a virtual encrypted disk inside of a file and then mount the virtual encrypted disk as if it were a real disk
  • Encrypt a whole partition or a storage device, like a flash drive or a hard drive
  • The ability to encrypt a partition or a drive (Windows), making it possible for data to be read and written at the same speed as if the drive were not encrypted
  • Gives plausible deniability if you are forced to reveal your password: hidden volumes and hidden operating systems provide additional protection.

Use case in the Cloud

I create a large filesystem (movies, pictures, music, etc.). Uploading it to the cloud for the first time, everything is fine. Now I add some additional photos of my cat, changing some small files. This means that my large container file changes, and I must re-upload the whole container, which is not convenient. Some cloud storage solutions (if you’re lucky) notice that only a small part of the container file changed, and will chunk the file and update the relevant chunk only. Conflicts can happen if you edit the file on another device before uploading, as your containers will be different. (AKA gonna have a bad time.)
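The difference between re-uploading the whole container and uploading only changed chunks can be measured. The script below is an added example, not from the original article: it uses constructed random data as a stand-in for a container, and the function names, file names and 64 KiB chunk size are assumptions.

```shell
#!/bin/sh
# Added example: upload cost of a changed container, whole-file vs chunked.
# Assumes both versions have the same size (a VeraCrypt container keeps the
# size chosen at creation) and that the size is a multiple of the chunk size.

# sync_cost OLD NEW CHUNK_BYTES -> prints "<whole_file_bytes> <chunked_bytes>"
sync_cost() {
    size=$(wc -c < "$2" | tr -d ' ')
    # cmp -l prints the 1-based offset of every differing byte. Map each
    # offset to a chunk index and count the distinct chunks touched.
    cmp -l "$1" "$2" 2>/dev/null | awk -v c="$3" -v size="$size" '
        { idx = int(($1 - 1) / c); if (!(idx in seen)) { seen[idx] = 1; n++ } }
        END { printf "%d %d\n", size, n * c }'
}

# Constructed stand-in for a container: 4 MiB of random bytes, then two
# 4 KiB overwrites (file data plus filesystem metadata) as the small edit.
make_demo() {
    dir=$(mktemp -d)
    head -c 4194304 /dev/urandom > "$dir/v1.hc"
    cp "$dir/v1.hc" "$dir/v2.hc"
    for block in 10 600; do
        dd if=/dev/urandom of="$dir/v2.hc" bs=4096 count=1 \
           seek="$block" conv=notrunc 2>/dev/null
    done
    echo "$dir"
}

demo_dir=$(make_demo)
sync_cost "$demo_dir/v1.hc" "$demo_dir/v2.hc" 65536   # 64 KiB chunks
rm -rf "$demo_dir"
```

Run against two real snapshots of a container, the second number shows what a chunk-aware sync client would have to send; a client without chunking always sends the first.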

So many options
  • Single large container, regardless of files.
  • Not cloud friendly.
  • Not straightforward for most and files not accessible on a mobile.

Use it:

  • Download VeraCrypt here. Desktop only, no mobile apps.
  • “Create a Volume”
  • Hidden or Standard?
  • Volume location (make a folder)
  • Select your encryption and your hashing algorithm (AES 128 is uncrackable (feasibly for now) or AES 256 if you’re extra paranoid)
  • Define your volume size (It will be this size regardless of files)
  • Define your passphrase (Remember, the longer the better)
  • Pick your filesystem (exFAT is good across all platforms)
  • SHAKE YOUR MOUSE AND MAKE SOME RANDOMNESS
  • Mount and you’re done :)

3. RClone

-> Ease of use: 3/5

Not typically viewed as an encryption tool, but RClone is the ultimate cloud storage multi-tool. It can: move, copy, sync, mount, check, chunk, delete, dedupe, cleanup, list, size, and of course encrypt.

4. GoCryptFS

-> Ease of use: 2/5

A relative newcomer in the game

$ mkdir cipher plain
$ gocryptfs -init cipher
[...]
$ gocryptfs cipher plain
[...]

5. CryFS

-> Ease of use: 2/5

CryFS, like all other solutions described here, offers a virtual filesystem, and you can work with your files without thinking about the encryption that is happening in the background. It was built specifically to be used together with Dropbox or other cloud storage providers. It supports Linux and Mac, and since version 0.10 has experimental Windows support (untested by me).

Diagram of how data is stored — Cryfs website

Honorable mentions:

  • encfs (In maintenance mode)
  • securefs (No updates in months so unsure)
  • 7Zip (Windows only but containers can be compressed and encrypted)
  • eCryptfs (Linux only, but very well known and secure)
  • Keka (MacOS only but containers can be compressed and encrypted)

Notes/Additions:

Most of the information above is taken from the source sites themselves and I have referenced these as much as possible. Additional information was through my own trial and error in using these systems.

  1. After creating the GoCrypt container, he moves the config file (the encrypted key for the files) to a VeraCrypt container that uses a different password.
  2. When accessing/decrypting/mounting the GoCrypt folder, he first decrypts the VeraCrypt container and uses the command below to point GoCrypt at the new location of the config file:
gocryptfs -config /veracrypt/folder/with/gocryptfs.conf /gocrypt/encrypted-folder/ /mount-point/folder/decrypted
  • umount the cleartext folder (GoCryptFS folder);
  • Close the VeraCrypt container.
  • Layering is always good. Using 2 different services reduces the risk if one is compromised.
  • It keeps the VeraCrypt container small. Making it easy to sync with cloud storage.
  • More complicated — this method would be for advanced users who are more comfortable with the command line approach.
  • Multiple passwords — lose one password and there is no recovery. This is good/bad, as that is also the point of this article.
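The open and close steps above can be wrapped so that the order is always the same and a failed mount never leaves the key container unlocked. This is an added example, not part of the original article: the function names, the RUN dry-run switch and the container path are assumptions, and the remaining paths are the placeholders from the command above.

```shell
#!/bin/sh
# Added example: open/close wrapper for the layered setup described above.
# Paths are placeholders. RUN=echo (the default) only prints the commands;
# set RUN=env to execute them.
RUN=${RUN:-echo}
VC_CONTAINER=${VC_CONTAINER:-/path/to/keys.hc}   # small VeraCrypt container
VC_MOUNT=${VC_MOUNT:-/veracrypt/folder/with}     # where it gets mounted
CIPHER_DIR=${CIPHER_DIR:-/gocrypt/encrypted-folder}
PLAIN_DIR=${PLAIN_DIR:-/mount-point/folder/decrypted}

vault_open() {
    # Step 1: unlock the container that holds gocryptfs.conf.
    $RUN veracrypt --text "$VC_CONTAINER" "$VC_MOUNT" || return 1
    # Guard: on a real run, stop if the config file is not where expected.
    if [ "$RUN" != echo ] && [ ! -f "$VC_MOUNT/gocryptfs.conf" ]; then
        echo "gocryptfs.conf not found in $VC_MOUNT" >&2
        $RUN veracrypt --text -d "$VC_CONTAINER"
        return 1
    fi
    # Step 2: mount the GoCryptFS folder with the relocated config file.
    if ! $RUN gocryptfs -config "$VC_MOUNT/gocryptfs.conf" "$CIPHER_DIR" "$PLAIN_DIR"; then
        # Do not leave the key container unlocked after a failed mount.
        $RUN veracrypt --text -d "$VC_CONTAINER"
        return 1
    fi
}

vault_close() {
    # Cleartext view first (fusermount -u is the non-root form of umount on
    # Linux); only then lock the container holding the key.
    $RUN fusermount -u "$PLAIN_DIR" || return 1
    $RUN veracrypt --text -d "$VC_CONTAINER"
}

case "${1:-}" in
    open)  vault_open ;;
    close) vault_close ;;
esac
```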

David

General geek, Engineer. Productivity, Python, and anything I can break or build, why not?.