Secure remote storage with Dropbox and TrueCrypt

Posted on 2009/10/11


Dropbox is a service for backing up and synchronizing files, and it runs on Windows, Mac OS X and Linux. As I pointed out before, I’d like to be able to use Dropbox without security torments. I don’t think that the guys who run Dropbox really want to peek inside my files, but the risk that someone else gains access to my data, accidentally or intentionally, is not negligible: a malicious employee, a security breach, the company being sold… I want to feel safe; I need a solution that, on top of Dropbox, adds the security I need.

One of the best things about Dropbox is that it runs on most computer platforms, so a good solution to the security problem should share this quality. The most portable solution so far seems to be adding TrueCrypt. TrueCrypt is cross-platform encryption software that, among other functions, creates files that can be used as encrypted volumes. The idea is to put these encrypted files (which can be thought of as safety vaults) inside Dropbox, and to use TrueCrypt on the local copy of the files to decrypt and access the private data. In this way, the data stored inside Dropbox is completely unusable by everyone except those who can decrypt it.

Decryption can involve a password that the user must remember, a key file that the user must have on their computer, or both. I like the idea of having both because then, in order to read my data, a potential spy must have:

  • The encrypted vault file (located in my Dropbox or any other computer linked to it)
  • The key file (located in my computers or inside a USB drive)
  • The password (located in my brain)

I think the only feasible attacks to read my data would then be aimed at reading it when I have decrypted it (other than beating me with a $5 wrench to make me hand over my USB drive and spit out the password).
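The separation between vault and key file listed above only holds if the key file never ends up in the synced folder, either directly or through a symlink. The following check is an added example, not part of the original post; the function name, return codes and usage line are this example's own, and it assumes the sync client may follow symlinks.

```shell
#!/bin/sh
# Added example: run before mounting to confirm the key file is kept apart
# from the Dropbox folder that holds the vault.

# keyfile_is_separate KEY_FILE DROPBOX_DIR
# returns 0 = kept apart, 1 = key would be synced with the vault, 2 = path missing
keyfile_is_separate() {
    [ -e "$1" ] && [ -d "$2" ] || return 2
    kis_key=$(readlink -f -- "$1") || return 2
    kis_box=$(readlink -f -- "$2") || return 2

    # Case 1: the real file lives under the synced folder, even when the
    # path handed to TrueCrypt is a symlink located somewhere else.
    case "$kis_key" in
        "$kis_box"/*) return 1 ;;
    esac

    # Case 2: a symlink inside the synced folder resolves to the key file,
    # so a client that follows symlinks would upload the key.
    kis_hit=$(find "$kis_box" -type l | while IFS= read -r kis_link; do
        if [ "$(readlink -f -- "$kis_link")" = "$kis_key" ]; then
            echo "$kis_link"
            break
        fi
    done)
    [ -z "$kis_hit" ] || return 1
    return 0
}

# Usage: sh check_keyfile.sh KEY_FILE DROPBOX_DIR
if [ "$#" -eq 2 ]; then
    if keyfile_is_separate "$1" "$2"; then
        echo "OK: key file is kept apart from the synced vault"
    else
        case $? in
            1) echo "WARNING: key file would be synced together with the vault" ;;
            *) echo "ERROR: key file or synced folder not found" ;;
        esac
        exit 1
    fi
fi
```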

Installation steps in brief:

  • Install Dropbox
  • Install TrueCrypt (or use it in Portable Mode)
  • Create a TrueCrypt encrypted vault file (with optional key file)
  • Put the vault file in a Dropbox folder
  • The vault file is automatically synchronized by Dropbox

For each other computer that you want to use to access the vault, you need to:

  • Install Dropbox
  • Install TrueCrypt (or use it in Portable Mode)
  • Synchronize the Dropbox folder (to download the vault file)
  • Copy the optional key file

The common use case to access your private data will then be:

  • Mount the vault
  • Access or modify the files inside the vault
  • Unmount the vault
  • The vault file is automatically synchronized by Dropbox

Tips for Ubuntu users:

I created a simple script that opens/closes a vault. It can be easily added to the “Applications” menu.



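# Placeholder paths: set these for your own vault, key file and mount point.
VAULT_FILE="$HOME/Dropbox/vault.tc"
KEY_FILE="/media/usb/vault.key"
MOUNT_DIR="$HOME/vault"
if mount | grep "${MOUNT_DIR}" >/dev/null; then   # already mounted: close the vault
    truecrypt -d "${VAULT_FILE}" && zenity --info --text="Vault closed: ${VAULT_FILE}"
else   # not mounted: create the mount point if needed, then open the vault
    test -d "${MOUNT_DIR}" || mkdir -p "${MOUNT_DIR}"
    truecrypt --keyfiles="$KEY_FILE" "${VAULT_FILE}" "${MOUNT_DIR}" && gnome-open "${MOUNT_DIR}"
fi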

Another useful trick for Linux/Mac users is to keep the files in the Dropbox folder and create a link where you need them using “ln -s target link_name”. For example, you can copy the “places.sqlite” file, which is inside your Firefox profile and contains your bookmarks and history, into the Dropbox folder, and create a link to it in your Firefox profile folder. Doing so, you can synchronize your Firefox bookmarks across all your computers.
