2 Ways to Encrypt Dropbox Files on Ubuntu Desktop & Server

If you are wondering “is Dropbox safe for confidential files”, you have come to the right place. This tutorial shows you 2 ways to encrypt files in your Dropbox account to protect your confidential files from prying eyes. This will be very helpful for those who are worried about privacy and security when storing files on cloud storage providers. Experienced Linux users can set up their own cloud storage using NextCloud, but not everyone has the skill or time to manage self-hosted cloud storage. When your Dropbox files are encrypted, no one can read them without the encryption password.

Note: This tutorial works on all current Ubuntu versions, including Ubuntu 18.04, 20.04, and 20.10.

how to encrypt dropbox on ubuntu

The first method uses a graphical tool called Cryptomator and the second uses a command-line tool CryFS, which is suitable for servers. Both of them are open-source. If you haven’t installed Dropbox on Ubuntu yet, please check out the following tutorials.

These two tools can also be used to encrypt other cloud storage like Google Drive and NextCloud. I use Dropbox as an example.

Dropbox File Encryption with Cryptomator on Ubuntu Desktop

Cryptomator is a free, open-source and easy-to-use software for encrypting cloud storage. It uses client-side encryption, which means each file is encrypted on the user’s computer before sending to the cloud. File content, file name, file size and directory names will all be encrypted.

It can run on Linux, Mac, Windows, Android and iOS. To install Cryptomator on Ubuntu, run the following 3 commands in terminal, which will install Cryptomator from the developer‘s PPA.

sudo add-apt-repository ppa:sebastian-stenzel/cryptomator

sudo apt update

sudo apt install cryptomator

cryptomator ubuntu 16.04

Once installed, Cryptomator can be started from your application menu.

cryptomator dropbox

Or you can start it from the command line.

cryptomator

When you first start Cryptomator, there is no vault. A vault is basically a virtual hard drive. So we need to click the plus button at the bottom left corneer and create a vault.

dropbox-file-encryption

Choose Create New Vault.

cryptomator create new vault

A new window appears. Give your vault a name.

cryptomator ubuntu

And choose your Dropbox folder as the destination.

dropbox cryptomator

Next, set a password to protect your vault. You can also create a recovery key in case you forget your password. If you store the password in a password manager, I think you don’t need a recovery key.

cryptomator encryption password

To start using Cryptomator, you need to re-enter your password to unlock the vault.

cryptomator unlock the vault

The vault will be mounted as a virtual hard drive under ~/.local/share/Cryptomator/mnt/. You can press Ctrl+D to bookmark vault directory in your file manager.

cryptomator unencrypted vault

Now you can put your files in the vault and they will be automatically encrypted in the background and then stored in your Dropbox folder, which is then synchronized to Dropbox servers. For example, I put 3 png files in the vault.

Encrypt Dropbox Files on Ubuntu Desktop & Server

Here is how they look like in Dropbox.

dropbox file encryption ubuntu

Since Cryptomator do encryption and decryption on-the-fly, the unlocked vault doesn’t take any space on your hard drive. Once your encrypted files are synchronized to Dropbox servers, you can lock your vault.

cryptomator lock vault

Once it’s locked, the virtual hard drive disappears from your file manager, so no one can see the original files without password.

How To Access Encrypted Files on Another Computer

Install Dropbox and Cryptomator on the second computer. Wait for Dropbox to finish syncing. Then start Cryptomator on the second computer and select “Open Existing Vault“.

cryptomator open existing vault

Navigate to the Dropbox folder and select the Cryptomator master key.

Cryptomator master key

The master key is encrypted with your vault password, so you need to click the Unlock Now button and enter your vault password to decrypt the key, which in turn will unlock the encrypted vault.

cryptomator unlock vault

If you want to share encrypted files, then create a separate vault with a different password and let your family, friends, or coworkers install Crypmator, and then tell them the password. Currently, there’s no command-line version of Cryptomator. That’s where CryFS comes in.

Using CryFS to Encrypt Dropbox on Ubuntu Server & Desktop

CryFS stands for cryptographic filesystem. It is a free, open-source encryption tool created specifically for cloud storage. Its usage is very similar to Cryptomator and can encrypt file contents, file name, file size, and directory structure.

CryFS is included in the Ubuntu repository since 17.04, so you can install CryFS by running the following command in the terminal.

sudo apt install cryfs

Ubuntu 16.04 users need to install CryFS from its repository. First, create a source list file for CryFS.

sudo nano /etc/apt/sources.list.d/cryfs.list

Then add the following line into the file.

deb http://apt.cryfs.org/ubuntu xenial main

cryfs linux

Save and close the file. Next, download and import CryFS public key using the following command.

wget -O - https://www.cryfs.org/apt.key | sudo apt-key add -

Update package index and install CryFS.

sudo apt update

sudo apt install cryfs

To create an encrypted vault in Dropbox, run the following command.

cryfs ~/Dropbox/encrypted ~/mountdir

This will create two directories. ~/Dropbox/encrypted is where the encrypted versions of your files are stored. They will be synchronized by Dropbox. ~/mountdir is where you access the decrypted files. You will be asked to create a password.

cryfs encypte dropbox

Now you can put files in mountdir directory and they will be automatically encrypted on the background and stored in ~/Dropbox/encrypted/ directory.

If I create a plain text file in ~/mountdir using the following command,

[email protected]:~$ echo "hello world" > ~/mountdir/file

The file content, file name, file size and directory structure will be encrypted in Dropbox folder.

[email protected]:~$ ls ~/Dropbox/encrypted/A60/
8EB642B7806A722005C45A7BBACD0

You can access your files through your mount directory, CryFS actually places them in ~/Dropbox/encrypted after encrypting. CryFS will encrypt and decrypt your files on the fly as they are accessed, so files will never be stored on the disk in unencrypted form.

To unmount, run:

fusermount -u ~/mountdir

To remount, run the following command and enter your password.

cryfs ~/Dropbox/encrypted ~/mountdir

How To Access Encrypted Files on Another Computer

Install Dropbox and CryFS on the second computer. Wait for Dropbox to finish syncing. Then mount the encrypted directory using the following command. You will need to enter your CryFS password.

cryfs ~/Dropbox/encrypted/ ~/mountdir

Now you can access files in ~/mountdir.

That’s it! I hope this tutorial helped you encrypt Dropbox on Ubuntu using Cryptomator and CryFS. As always, if you found this post useful, then subscribe to our newsletter to get more tips and tricks.

Rate this tutorial
[Total: 10 Average: 4.5]

4 Responses to “2 Ways to Encrypt Dropbox Files on Ubuntu Desktop & Server

  • Very cool! I never thought of this until now, but I use the KDE Plasma Desktop and they have the “Vaults” feature built right into it. I bet that can be put into Dropbox.

    I’ve stopped using Dropbox because I formatted my main partition with the F2FS filesystem to help preserve my SSD. But Dropbox has a whitelist for supported filesystems and they don’t support F2FS 🙁

    But that’s a happy accident because now I’m using MEGA.nz, which offers more space, has better Linux software support, **and** it has zero-knowledge cloud storage (full cloud encryption), which gives me everything that I want. I think you should check out MEGA.

    • skaffen-amtiskaw
      2 months ago

      Unfortunately, Mega is much slower than Dropbox, and is worse for the use case of this article in that Dropbox uses file indexing to decide what to upload. Mega, like most cloud clients, uses file timestamps. Dropbox seems pretty unique in trading CPU for bandwidth, which makes it well suited for working with encrypted blobs.

      (By the way, I use VeraCrypt volumes to have encrypted files on cloud since it’s cross platform and well-trusted.) So say you have this 100 GB encrypted volume. You make one change to one file inside the volume. With Mega, you instantly have two problems:

      1. Time metadata of volume files changes unreliably, so the Mega client might not even notice that it needs to reupload the container.

      2. If it does notice the container changed, it will proceed to upload the entire container. So, whenever you change your container, you’re using 100 GB of bandwidth. Your ISP will hate you.

      In contrast, Dropbox would begin using your CPU to index the container, identify changes to the byte sequence of the file, and only upload those changes.

      Also, you mentioned that Mega has zero knowledge encryption, and you seem like you suggested this is means you don’t have to do all this encrypted volume stuff. That’s not true. If I’m encrypting a container, I’m in full control over the security of the data in that container. Trusting the cloud provider when they say, “You don’t have to do all that, we already encrypted your stuff (from ourselves); you can trust us! 🙂” is an inferior alternative.

      Also, you mentioned you use F2FS to try to “save your SSD”. This is a mistake. You don’t need to use F2FS unless you want slightly faster performance at the cost of worse support in tons of software, from Dropbox to the Grub boot loader, which seems like a bad trade off.

      • This was the most unhelpful reply I’ve read in a long time. A big no thanks to you. Learn to communicate with people better.

    • Thanks for your tips, Michael. Will give MEGA a try.

Leave a Comment

  • Comments with links are moderated by admin before published.
  • Your email address will not be published.
  • Use <pre> ... </pre> HTML tag to quote the output from your terminal/console.
  • Please use the community (https://community.linuxbabe.com) for questions unrelated to this article.
  • I don't have time to answer every question. Making a donation would incentivize me to spend more time answering questions.

The maximum upload file size: 2 MB. You can upload: image. Links to YouTube, Facebook, Twitter and other services inserted in the comment text will be automatically embedded.