Do you share a computer with someone or want to be able to access your personal Dropbox account on your work computer? Do you want to keep your files private while doing that? Here’s what you need to do: Encrypt Your Dropbox Folder!
We’re going to use TrueCrypt to encrypt our Dropbox files. There are two ways to accomplish this:
- If you only have one file or a folder inside your Dropbox folder that needs encryption, you can manually encrypt specific files
- If you want to encrypt everything, you can Move Your Dropbox Folder to an Encrypted Folder.
Manually Encrypt Specific Files with TrueCrypt
In this scenario, you’ll basically just store your sensitive data in your TrueCrypt container, which is saved to your Dropbox folder. Our steps for encrypting your data with TrueCrypt in this case remain the same. Just select the Dropbox folder as the TrueCrypt container location.
If you’ve never used TrueCrypt before, here are the steps you’ll need to follow:
1. Download, install, and launch TrueCrypt
2. After hitting the “Create Volume” button, choose the default to “create an encrypted file container” and a “Standard TrueCrypt Volume”.
3. Here’s where the steps differ: When prompted to select a location for your TrueCrypt Volume, navigate to your Dropbox folder.
4. Then you’ll run through the rest of the TrueCrypt encryption steps, including selecting the default AES encryption scheme and volume size (choose a capacity less, obviously, than your total Dropbox account storage space).
Once you’ve entered your volume password and formatted the TrueCrypt volume, it’ll be saved and ready for action in your Dropbox folder.
To mount the volume as a virtual—but encrypted—drive that you can copy and paste to, from the TrueCrypt program, select a drive letter, then select your TrueCrypt file in the Dropbox folder, and click “Mount.”
You’ll be able to copy and paste sensitive documents to that encrypted container just like you would a regular drive, as long as the volume is mounted.
Move Your Dropbox Folder to an Encrypted TrueCrypt Volume
The above works well when you have a mix of plain old documents and more sensitive files that you want to store together on Dropbox—you can use a TrueCrypt container for your most sensitive files and the regular service for everything else (for easy collaboration and remote editing). Encrypting your files before storing them on Dropbox is also your main recourse when it comes to privacy and security concerns about the service having access to your data.
If you want encrypt everything in your Dropbox folder locally, you can just move the Dropbox folder into a TrueCrypt container. As readers pointed out, this won’t address the privacy concerns of Dropbox being able to decrypt your information, but it would secure the contents of your Dropbox in case, say, you lost your laptop or your computer was compromised. Here are the instructions from Dropbox of this process:
1. As above, download, install, and launch TrueCrypt
2. Create a new standard TrueCrypt volume (Create volume > Create an encrypted file container > Standard TrueCrypt volume, using NFTS filesystem) anywhere on your hard drive, and set a volume size and password for accessing the volume later.
Once it’s formatted, make sure the TrueCrypt volume will be mounted on logon:
3. In TrueCrypt, click on the Select File button, select the container you just created, click on an unused drive letter and then click the Mount button.
4. From the Favorites menu, select Add Mounted Volume to Favorites and make sure Mount select volume upon login is checked.
Next, we’ll move Dropbox to the encrypted TrueCrypt drive:
5. Right-click on the Dropbox icon in the system tray and go to Preferences.
6. In the Advanced tab, click the Move button to change the location for Dropbox to the virtual drive letter you just created.
Modify Your Script
Finally, Dropbox recommends creating a login script to modify Dropbox so it will wait until the drive is ready before starting:
In your Dropbox preferences, click the General tab, then turn off the checkmark beside Start Dropbox on system startup.
- Create a new text file called bootup.bat somewhere on your C: drive.
- If file extensions are hidden by Explorer, you may need to turn them on to ensure the file gets the .bat extension rather than .bat.txt. (The option in Explorer is under Tools > Folder Options > View, then under Advanced Settings select Show hidden files, folders and drives).
- Paste the following commands into the bat file:
@echo off
rem Every second, check to see if volume is mounted
echo Waiting for volume…
:keepwaiting
ping -n 1 -w 1000 127.0.0.1 > nul
if not exist F:\ goto keepwaiting
start “Dropbox” “C:\Documents and Settings\YourUserName\Application Data\Dropbox\bin\Dropbox.exe” - Tailor the script as follows, then save it:
Change F:\ to the drive letter of your mounted volume (which you picked in step 2.2)
Change the path on the last line to include the location of the Dropbox application files. e.g. On Windows 7 it would be:
C:\Users\YourUserName\AppData\Roaming\Dropbox\bin\Dropbox.exe - Create a shortcut to bootup.bat in your Startup folder. Your startup folder is usually located at:
Windows XP: C:\Documents and Settings\YourUserName\Start Menu\Programs\Startup
Windows 7: C:\Users\YourUserName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup - Reboot your computer and test.
FYI, before you dismount the encrypted volume, you’ll need to close Dropbox.
Dropbox’s tips and tricks wiki notes that there are also sensitive *.db (Dropbox configuration) files located in alternative locations, and offers suggestions for ways to relocate those files or the entire Dropbox application.