2013-12-11

I must confess: Until recently, I deeply distrusted the security of cloud-storage services such as SkyDrive, Google Drive, and Dropbox.

But thanks to pre-encryption software, I’m now comfortably using several cloud services — with no worries about the security and privacy of my files.

Most, if not all, cloud-storage services use some sort of server-based encryption to protect user data. But, as has been widely reported and discussed, that protection is not absolute — if your cloud-storage account is hacked or your password stolen, your files could be open to intruders.

Ensuring that the files you store online are truly safe requires encryption that you — and you alone — control. Products such as Boxcryptor, which I discuss in detail below, make it easy to pre-encrypt files before they leave your PC. Then, if a hacker manages to breach the cloud server’s own security, or if he intercepts your files while they’re being transmitted, he’ll get nothing but indecipherable gibberish.

This type of encryption works just as easily in reverse. Files and folders travel from online-storage servers to your PC under your personal encryption (on top of any encryption the service might use). Decryption takes place only when the files are back on your PC and under your local control.

Using your own encryption means that your data is always just as safe in the cloud as it is on your PC.

Below, I’ll show you — step by step — how pre-encryption software works. But first, I’ll address a couple of important points about cloud-storage services.

Why use cloud-based data storage at all?

For me, the primary benefit of cloud storage is for offsite backups. If your PC and local backups are lost or destroyed by fire, flood, theft, or whatever, you’ll still have copies of your files in the cloud.

(Keeping local copies is still important, too; some sort of disaster or outage could prevent access to your cloud-stored files.)

Moreover, cloud-based storage can act as a sort of central server. No matter where you are, a Web connection will provide quick and easy access to any file stored online.

There are dozens of cloud-storage services available; you’re probably already using one or more of the three mentioned above. But a search of the Web using the phrase cloud storage service will reveal many more.

Pre-encryption works with most cloud-storage services; but for this article, I discuss encrypting files and folders stored on Microsoft’s SkyDrive. Here’s why:

Microsoft is making SkyDrive a central part of the Windows experience. The service is built into Windows 8, and you’re “encouraged” to back up at least some of your settings and files to a SkyDrive account. Likewise, Office 2013 and Office 365 save files to SkyDrive by default.

So Microsoft’s intentions are clear: If you’re going to use Windows software, you’re going to encounter SkyDrive. With that in mind, it makes sense to start with better protection for your SkyDrive data.

To follow along with the rest of this article, you’ll need a free SkyDrive account. If you’re running Win8, it’s nearly certain you already have one. If you’re running Vista or Win7, you need a Microsoft account (which includes a free SkyDrive account) and the SkyDrive app installed locally on your system. Start by creating the Microsoft account (site); then go to the SkyDrive site and click the Get SkyDrive apps link in the lower-left corner of the window.

(Although XP users can access SkyDrive via the Web, the local SkyDrive app isn’t supported. However, XP users can use this article to encrypt their data on other, XP-compatible, cloud-storage services such as Google Drive [site].)

A free SkyDrive account currently gives you 7GB of online storage, which is plenty to start with. If you wish, you can add more storage space in increments, starting at 20GB for U.S. $10 a year.

Pre-encryption adds automatic protection

No doubt some PC users are already putting encrypted files up in the cloud. You can, for example, easily cobble together do-it-yourself encryption by using free tools such as 7-Zip (site). But that’s cumbersome, requiring several manual steps before and after every use of the encrypted files.

Pre-encryption software, on the other hand, is designed for use with cloud-storage services. It’s also transparent; as the authorized user, you save and open files just as you do with unencrypted documents. Somewhat like file compression, the encryption/decryption process is handled automatically on your local machine.

There are many kinds of pre-encryption software available. To see a list, simply search the Web using the phrase cloud encryption.

For this article, I’ve selected Boxcryptor (site). It’s free for personal use; supports Windows, Mac, Linux, iOS, and Android; and works with all the major cloud-storage providers (and numerous minor ones — see the list).

Like most pre-encryption apps, Boxcryptor creates a virtual drive on your computer. The drive acts as a staging area for files going to or from whatever cloud-storage service you’re using.

Any file dropped, copied, pasted, or saved into a folder within the Boxcryptor drive is automatically encrypted (using a combination of AES-256 and RSA algorithms) and synched to the cloud. Again, the process is transparent: you access and use your cloud-based files — via the Boxcryptor drive — in the normal way. (Want the tech details? See the Boxcryptor overview page.)
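To make the idea concrete, here is an added Python sketch (not from the original article, and not Boxcryptor's code or file format) of password-based pre-encryption: keys are derived from a password on the PC, and only the resulting blob would be synced to the cloud. Python's standard library has no AES, so an HMAC-SHA256 counter-mode keystream stands in for AES-256; the function names, PBKDF2 iteration count, and blob layout are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this sketch)

def _derive_keys(password, salt):
    """Stretch the password into separate 256-bit encryption and MAC keys."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   ITERATIONS, dklen=64)
    return material[:32], material[32:]

def _keystream_xor(key, nonce, data):
    """Stand-in for AES-256: XOR with an HMAC-SHA256 counter-mode keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def pre_encrypt(password, plaintext):
    """Runs on the PC: returns salt || nonce || ciphertext || tag for upload."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _derive_keys(password, salt)
    body = salt + nonce + _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(password, blob):
    """Runs on the PC after download; rejects a wrong password or altered blob."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(password, body[:16])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or tampered file")
    return _keystream_xor(enc_key, body[16:32], body[32:])

if __name__ == "__main__":
    # Constructed sample data; the password never leaves the local machine.
    secret = b"constructed sample contents of plaintexttestfile.txt"
    cloud_copy = pre_encrypt("a long, hard-to-guess passphrase", secret)
    print("stored in the cloud:", cloud_copy.hex()[:64], "...")
    print("decrypted locally:  ", decrypt("a long, hard-to-guess passphrase", cloud_copy))
```

Because every key comes from the password, the stored blob is only as hard to crack as the password is to guess.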

Setting up Boxcryptor, step by step

Boxcryptor doesn’t do anything weird during installation, and the default settings should work fine for most circumstances. Generally, you can just read the dialog boxes, accept the default settings, and let the Boxcryptor installation run to completion. Setup is fast and takes only a short time to finish.

Note: If you’re running Windows Professional, Enterprise, or Ultimate, the built-in Encrypting File System (EFS) is enabled by default — even if you’ve never used it. If Boxcryptor detects EFS on your system, you’ll see a dialog box that will offer to disable EFS, to prevent potential conflicts. Unless you’re actively using EFS (or the related BitLocker service), go ahead and let Boxcryptor disable EFS.

Boxcryptor will still run if you leave EFS enabled, but you could encounter conflicts when EFS tries to decrypt Boxcryptor files — or vice-versa.

(If you don’t see the EFS dialog box, it just means that either you don’t have EFS on your system or it’s already disabled.)

Step 1: Download and launch Boxcryptor for Windows (site).



Figure 1. Boxcryptor for Windows is free for personal use. The app is also available for Mac, Linux, iOS, and Android.

Step 2: When the setup wizard opens, accept the Boxcryptor terms of service and press Next.



Figure 2. The default settings in Boxcryptor's setup wizard should work for virtually all cases.

Step 3: Click the Finish button when it appears. When you exit the installer program, you’ll see a dialog box requesting that you reboot. Close all your files and programs, and let your PC restart normally.

Step 4: After reboot, you’ll see a new Boxcryptor icon on your desktop, and a Boxcryptor sign-in dialog box will open automatically. (If it doesn’t, click the desktop Boxcryptor icon.) Click the Sign up button to create an account and private encryption keys.



Figure 3. Click the Sign up button to create your Boxcryptor account and private encryption keys.

Step 5: Enter your account information. As shown in Figure 4, the dialog box is straightforward; just fill it in as indicated.

Use care when selecting a password. In Boxcryptor, your password is also used to generate the encryption keys. A long, complex, hard-to-guess password will make your Boxcryptor files as secure as possible.

If you need help generating a good password, try free online tools such as Norton’s Password Generator, GRC’s Perfect Passwords, or the Secure Password Generator — or search the Web using the phrase password generator.

Figure 4. Create a unique, high-quality, hard-to-guess password.

Step 6: Acknowledge Boxcryptor’s password warning. You’re responsible for retaining possession of the password. If you lose or forget your password, Boxcryptor can’t reset it for you! Store your password in a safe, snoop-proof place.

(For suggestions on safe, easy ways to store all your passwords, see the Oct. 17 Top Story, “Protect yourself from the next big data breach.”)

Figure 5. You must acknowledge that your password cannot be recovered or reconstructed if you lose or forget it.

Step 7: As a last setup step, select your Boxcryptor plan. In this example, I’ve selected the free option, which is fine for most private uses. (If you wish, explore the other plans via the Plans and prices link.)

Figure 6. Boxcryptor offers plans for most personal and business needs.

After you pick a plan, the Boxcryptor software will churn for a moment as it sets up your account and generates your encryption keys. The sign-in dialog box will then reappear.

Step 8: Sign in to Boxcryptor, using the username and password you created in Step 5. You’re ready to go!

As one of its first acts, Boxcryptor will open a selection of tutorials. The next section will show you the basics of using Boxcryptor. But it’s a good idea to keep the tutorial handy so you can also work through the indicated lessons step by step.

Figure 7. Boxcryptor starts you out with useful tutorials.

Using Boxcryptor with SkyDrive: The basics

Boxcryptor is a cinch to use with SkyDrive on Vista, Win7, and Win8.0. But there’s a small speed bump to overcome in Windows 8.1, because Microsoft changed SkyDrive’s fundamental operation in that version of Windows.

Win8.1’s SkyDrive now uses Smart Files, a default feature that does away with local copies of your SkyDrive files. This cuts down on local storage needs, which helps space-constrained portable systems such as those running Windows RT (Microsoft explanation).

Personally, I think this is a silly default setting. The vast majority of Win8.1 systems have plenty of local storage space. Plus, the Smart Files feature creates two problems: it does away with easy, offline access to your SkyDrive files, and it creates an obstacle for apps such as Boxcryptor — which are designed to encrypt files locally before they’re sent to SkyDrive.

To allow for offline access to SkyDrive files — and to allow apps such as Boxcryptor to work properly — Win8.1 users need to configure SkyDrive to operate the same way it works in Vista, Win7, and Win8.0. This “make offline” change is easy, as described on the Microsoft page, “Getting started with SkyDrive”; scroll down to the “Getting to files when you’re offline” section.

Once that’s done, all versions of Windows from Vista on will work with Boxcryptor in the same way.

Here’s how to Boxcryptor-encrypt your SkyDrive files:

In File Explorer/Windows Explorer, click on the virtual Boxcryptor drive, as shown in Figure 8. You’ll see a heading for your local SkyDrive files (which Boxcryptor created automatically).

Figure 8. Here, Boxcryptor's virtual drive automatically included a SkyDrive heading.

Click on the SkyDrive heading inside Boxcryptor, and you’ll see your local SkyDrive files. (For this how-to, I created a simple test file — plaintexttestfile.txt.)

Figure 9. Sample file (circled) in a Boxcryptor-encrypted SkyDrive folder.

To encrypt any file or folder, right-click its icon and select Boxcryptor/Encrypt from the popup menu; Boxcryptor immediately encrypts the file or folder — and keeps it encrypted any time you don’t have it open. (Any new files dropped into an encrypted folder are automatically encrypted. File-by-file encryption isn’t needed.)

Figure 10. Three quick clicks encrypt any file or folder.

That’s all it takes!

Note: The first time you use Boxcryptor to encrypt files, you could encounter a small Windows bug. On some systems, Windows might incorrectly assume that locally encrypted files are managed by Windows’ Encrypted File System — even when they’re not! If this happens, a dialog box will ask you to export the local-authentication certificates used by EFS. However, Boxcryptor doesn’t use EFS and doesn’t require local-certificate export (Boxcryptor explanation).

To silence Windows’ needless nagging, just export the certificates anyway — it should take only a minute. On the Certificate Export Wizard, click Next and follow the prompts. Once that’s done, Windows shouldn’t nag you again about exporting certificates.

The encryption process is very fast. Once it’s done, you can access and use (open, edit, copy, paste, save, etc.) the encrypted files and folders within Boxcryptor just as you do unencrypted files on your system. Encryption/decryption is totally transparent.

For example, if I click my encrypted plaintexttestfile.txt file, it opens normally in Notepad, as shown in Figure 11.

Figure 11. My decrypted test file in Notepad.

But Figure 12 shows what hackers would see if they hacked directly into my SkyDrive account and opened the same file in Notepad — either without Boxcryptor entirely or with Boxcryptor minus the correct password.

Figure 12. Access the file outside Boxcryptor, and it's gibberish — useless to hackers.

If this brief overview isn’t sufficient to get you going, refer to Boxcryptor’s local and online manuals, or work through the previously mentioned tutorials.

Encryption makes cloud storage much safer. Boxcryptor (or one of its competitors) is another important tool for keeping your data safe and secure — from all prying eyes. Cloud encryption software lets you gain the benefits of cloud storage — without risking your privacy!
