Storing your data is easy. Protecting it is hard. Our personal information, photos, documents, banking information, and more is being stored by third-parties and we are giving up control for convenience.
We all have a choice of which provider we want to use to store our information: Dropbox, Google Drive, OneDrive, iCloud, Box, etc. We can access our data anywhere, anytime, and its awesome. They have great apps, and you can selectively sync on your desktop or phone, not having to worry about storage space.
That’s all good but I want to store my data and sleep sound that nobody can access it, service provider, government, hacker, that crazy ex we all have who is totally trying to guess my password right now. This seems daunting but there have been some amazing developers who have created some open source tools to be able to manage this and not have to pay enterprise prices, for enterprise encryption.
Goals for this list:
- Tools to be open source.
- Rate the ease of use of each.
- Define the encryption standards.
- Explain the pros and cons of each.
1. Cryptomator
-> Ease of use: 4.5/5
Top of the list (easily) Cryptomator is one of the most straightforward, tried and tested, tools out there. Build to work with cloud, as well as local, encryption, they also have iOS, Android, MacOS, Windows, and Linux applications that are easy to use. They also have some great ties with other tools (Not open source but worth a look).
Cryptomator encrypts file contents and names using AES256 encryption (AKA the global standard). Your passphrase is protected against brute forcing attempts using scrypt. Directory structures get obfuscated as well as filenames.
It’s is a free and open source software licensed under the GPLv3. This allows anyone to check the code and audit it. This means: no backdoor and constant scrutiny. It’s a zero trust system as the code is free to view/fork/clone right here! Their Docs are nicely written and they even provide a sanitizer tool encase your vault gets corrupted.
It can also be combined with Mountain Duck (Paid tool 39 USD — Yikes I know), you can create a seamless desktop experience with selective sync as well as some other neat features.
Pros:
- Good encryption and brute force protection
- Easy to use with nearly any cloud provider (build in integrations with several)
- Cross-platform (iOS, Android, Linux, Windows, Mac)
- Very well recognized and active development
- Encrypts file-by-file, not within a container (compare this with VeraCrypt)
Cons:
- Slow transfer speeds (Max ~ 15–150MiB/s depending on platform (Windows is best, Linux/Mac the worst))
- Mobile Apps not open source
- Managing across devices can be complicated.
Use it:
- Download the app here (or via iOS / Play store).
- Select your folder (On desktop you’ll need Dropbox/Drive/etc provided Apps)
- Pick your passphrase (not a passWORD, applesarefruitsanddidyouknowtomatosarefruits is a password that would take 1 septendecillion years to crack.
- You now have your Volume mounted as an external drive.
- Place a file in the Drive and watch the magic happen.
2. VeraCrypt
-> Ease of use: 3.5/5
Well known, and trusted encryption. VeraCrypt is an source utility used for on-the-fly encryption. It creates virtual encrypted (mountable) disk within a file or encrypt a partition or the entire storage device. VeraCrypt is a fork of the discontinued TrueCrypt project. Improving on TrueCrypt and bringing it into the modern age.
Some of its features include:
- The ability to create a virtual encrypted disk inside of a file and then mount the virtual encrypted disk as if it were a real disk
- Encrypt a whole partition or a storage device, like a flash drive or a hard drive
- The ability to encrypt a partition or a drive (Windows) making it possible for data to be read and written with the same speed as if the drive were not encrypted
- Gives plausible deniability if you were forced to reveal your password using hidden volumes and hidden operating systems provide additional protection.
VeraCrypt runs on Windows, Linux and Mac. It keeps your files confidential, but does not protect the integrity, i.e. a hacker can’t read your files, but they could modify them without you noticing.
If you want to use it to encrypt your Dropbox, you could put the encrypted container file in your Dropbox folder and it would get automatically synchronized to all devices connected to your Dropbox.
This is very convenient to use and it is secure. However, there is a problem with it. VeraCrypt is not designed to be used in the cloud and a container file can get very large (TB easily if you’re like me). When you set up your drive you have to choose a maximal size for your filesystem in advance and the container file will have this size, no matter how much of the space you actually use.
Use case in the Cloud
I create a large filesystem (movies, pictures,music,etc). Uploading it to the cloud for the first time, everything is fine. Now I add some additional photos of my Cat, changing some small files. This means that my large container file changes, and I must re-upload the whole container. Which is not convenient. Some cloud storage solutions (if you’re lucky) notice that only a small part of the container file changed, and will chunk the file and update the relevant chunk only. Conflicts can happen if you edit the file on another device before uploading, as you containers will be different. (AKA Gona have a bad time.)
Long story short, VeraCrypt is amazing, very secure with lots of encryption options to encrypt, but it’s not “build for the cloud”. Good for local file encryption, or if you just want to make a small vault with your important information, bad if you want total utter beautiful encryption.
Pros:
- Feature rich, with multiple options for encryption/hashing.
- GUI interface that is (relatively) easy to use.
- Cross-platform (Linux, Windows, Mac)
- Very well recognized and active development.
- Ability to hide containers, or hide a file within another container steganography).
Cons:
- Single large container, regardless of files.
- Not cloud friendly.
- Not straightforward for most and files not accessible on a mobile.
Use it:
- Download VeraCrypt here. Desktop only, no mobile apps.
- “Create a Volume”
- Hidden or Standard?
- Volume location (make a folder)
- Select your encryption and your hashing algorithm (AES 128 is uncrackable (feasibly for now) or AES 256 if you’re extra paranoid)
- Define your volume size (It will be this size regardless of files)
- Define your passphrase (Remember, the longer the better)
- Pick your filesystem (exFAT is good across all platforms)
- SHAKE YOUR MOUSE AND MAKE SOME RANDOMNESS
- Mount and you’re done :)
3. RClone
-> Ease of use: 3/5
Not typically viewed as an encryption tool, but RClone is the ultimate cloud torage multi-tool. It can: move, copy, sync, mount, check, chunk, delete, dedupe, cleanup, list, size, and of course encrypt.
I’ve written before about how to setup the basics of RClone and create add cloud storage systems here:
Files are encrypted 1:1 source file to destination files. With a very good community and amazing documentation, RClone is my personal favourite. I use the tool across many of my projects and it’s very handy.
Crypto Overview
The initial nonce is generated from the operating system’s crypto strong random number generator. The nonce is incremented for each chunk read making sure each nonce is unique for each block written. The chance of a nonce being re-used is minuscule. If you wrote an exabyte of data (1⁰¹⁸ bytes) you would have a probability of approximately 2×10⁻³² of re-using a nonce.
This uses a 32 byte (256 bit key) key derived from the user password. 256 bits being an ideal key size as it is far beyond any current brute forcing capabilities.
1MB (1048576 bytes) file will encrypt to 1049120 bytes total (a 0.05% overhead). This is the overhead for big files.
Name encryption
Filenames and also file folders can be encrypted or unencrypted optionally. And while you setup your “Crypt” folders, these granular options can be configured easily. File segments are padded using using PKCS#7 to a multiple of 16 bytes before encryption.
They are then encrypted with EME using AES with 256 bit key. EME (ECB-Mix-ECB) is a wide-block encryption mode presented in the 2003 paper “A Parallelizable Enciphering Mode” by Halevi and Rogaway. This method of encryption is very well studied and is a standard across many encryption systems today. This makes for deterministic encryption which is what we want — the same filename must encrypt to the same thing otherwise we can’t find it on the cloud storage system.
This means that filenames with the same name will encrypt the same filenames which start the same won’t have a common prefix
Key derivation
Rclone uses scrypt with an optional user supplied salt (password 2 in the setup) to derive the 80 bytes of key material required. If the user doesn’t supply a salt then rclone uses an internal one. Scrypt makes it impractical to mount a dictionary attack on rclone encrypted data. For full protection against dictionary attacks it’s always advised to use a salt, which can be enabled in the standard setup of rclone.
4. GoCryptFS
-> Ease of use: 2/5
A relative newcomer in the game
Gocryptfs, like VeraCrypt and Cryptomator, offers you a virtual filesystem, so the encryption is happening in the background and doesn’t interfere with your workflows. It doesn’t support Windows as standard (only Linux and Mac), but the creator has endorsed a third party client for Windows (cppcryptfs). As opposed to VeraCrypt, it doesn’t store your files in one big container file, but encrypts file-by-file (Similar to RClone).
Built with speed in mind, the system is built using the GO Programming language, which is also very efficient. Meaning it can be run easily on a cheap VPS or RaspberryPi. Since there is an encrypted file for each of your files, a hacker can exactly see how many files you have, how large each file is and how they are structured into directories. These details can be compared to known files and persistent attackers can identify files being stored in your system. In a recent security audit, which was taken very seriously by the project owner, he addressed each concern and it’s open to read HERE.
Gocryptfs uses GCM cipher mode. This means it doesn’t only protect confidentiality, i.e. against adversaries reading your files, but also integrity, i.e. against adversaries modifying your files without you noticing it. As well as using scrypt to protect against dictionary attacks.
GOCryptFS is being very activily maintained, although only by 1 developer. It is very stable and a system I am personally leaning towards (Mostly for it’s speed!)
Usage:
$ mkdir cipher plain
$ gocryptfs -init cipher
[...]
$ gocryptfs cipher plain
[...]5. CryFS
-> Ease of use: 2/5
CryFS like all other solutions described here, offers a virtual filesystem and you can work with your files without thinking about the encryption that is happening in the background. It was built specifically to be used together with Dropbox or other cloud storage providers. It supports Linux and Mac, and since version 0.10 has experimental Windows support (Untested by me).
CryFS follows established security standards and is the only tool in this list that works without revealing file sizes. Below image from their website represents well how they store files, obfuscating folders, files, and names. As opposed to VeraCrypt, it keeps its data in small encrypted blocks and changing a small file results in only a small amount of data to be re-uploaded. More information on how this is achieved can be found here. The security of CryFS has been proven in a master’s thesis in 2015. As far as I know, CryFS is the only solution in this list for which this has been done.
CryFS offers confidentiality and, since version 0.10, also integrity of your data. This means, attackers cannot read your files, file sizes or directory structure, and also prevents attackers from modifying any of that. The main drawback of CryFS is that it is relatively new, and still in beta. The developers are actively developing it.
Limitations:
A downfall is the number of files the system generates. With some online file storage, the total number of files is limited (TDrives can only store 400,000 files — which is massive but easily fill-able).
Secondly, an additional downfall is that if you store smaller files, you can create massive amounts of “extra” data, when your files are obfuscated. This can be an issue if you encrypt files smaller than a few MB. For larger files, no “extra” data is created, and the additional overhead is minimal.
The developers state the speeds are between 80–170mbps, though that is on an SSD server and I personally havn’t tested that yet.
Honorable mentions:
- encfs (In maintenance mode)
- securefs (No updates in months so unsure)
- 7Zip (Windows only but containers can be compressed and encrypted)
- eCryptfs (Linux only, but very well known and secure)
- Keka (MacOS only but containers can be compressed and encrypted)
TL;DR
Cryptomator works everywhere (Desktop/mobile) and is good on cloud or locally. If you want to be fancy use RClone Crypt or GoCryptFS (CLI Based). VeraCrypt is great but not for cloud. Cool projects like cryfs are coming, but still in beta stage.
Notes/Additions:
Most of the information above is taken from the source sites themselves and I have referenced these as much as possible. Additional information was through my own trial and error in using these systems.
Joseph Curto has shared his setup using a combination of GoCryptFS and VeraCrypt to layer security tools and maximize his security.
- After creating the GoCrypt Container he moves the config file (the encrypted key for the files) to a VeraCrpt Container using a different password.
- When accessing/decrypting/mounting the GoCrypt folder, he first unencrypts the Veracrypt container and using the below command to point GoCrypt to the new location for the config file:
gocryptfs -config /veracrypt/folder/with/gocryptfs.conf /gocrypt/encrypted-folder/ /mount-point/folder/decrypted- umount the in clear folder (GoCryptFS folder);
- Close VeraCrypt container.
Advantages to this setup:
- Layering is always good. Using 2 different services reduces the risk if one is compromised.
- It keeps the VeraCrypt container small. Making it easy to sync with cloud storage.
Disadvantages:
- More complicated — this method would be for advanced users who are more comfortable with the command line approach.
- Multiple passwords — lose one password and there is no recovery. This is good/bad, as that is also the point of this article.
Thanks Joesph for sharing, I hope I have explained it the way you intended. — David.
