How to Encrypt Data on the Cloud

The cloud is always the safest storage space. This was explained a few weeks ago using the example of encryption Trojans. But for many applications and services you cannot avoid storing data in the cloud. Those who regularly need to access their own data from different locations are well served by a cloud system with automatic file synchronization. But one caveat remains: nobody wants to upload personal data such as tax returns, copies of ID cards or bank statements to services that may eventually fall into the hands of hackers. Investigating authorities or intelligence services can also gain access, and not only if the data is stored abroad.

So the data must be encrypted. Password protection from Word or Excel is not enough. The most convenient solution is a process that runs in the background: it automatically encrypts everything that is uploaded and decrypts it when it is loaded onto the device again. If this is done correctly, no one will object to it. But the software must run on all devices that are used with your own cloud. And it might not work when streaming music or video files, or when using automatic photo uploads on your smartphone. If necessary, you can encrypt only a selected folder with personal documents.

Green dot for encrypted data

The well-known specialist for these tasks is the Boxcryptor software. It can be used for free with limitations, and as a private individual you pay 36 euros a year for the paid version. Like the cloud storage client, the application runs constantly in the background. You choose one or more folders for encryption, and everything that ends up in them is automatically encrypted. The file name changes: "bc" is added after the original file name extension, and the encrypted file is marked with a green dot.

Boxcryptor is straightforward to operate and runs on Windows, Mac, iPhone, iPad and Android. Your own Boxcryptor account requires access to the cloud services, and it supports more than 20 different offerings such as Dropbox, Onedrive, iCloud Drive, and others. Encryption and decryption happen locally. This means that neither the Boxcryptor manufacturer nor the cloud storage provider can decrypt the encrypted files. The user's password is not sent to the Boxcryptor server. The application source code is not open, so you have to trust the programmers that your own password is never sent to Boxcryptor.
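What "encryption and decryption happen locally" looks like in code, as an added example that is not part of the original article and is not Boxcryptor's code or file format: a generic password-based per-file scheme in which only ciphertext reaches the synced folder. It assumes the third-party `cryptography` package; the function names, the `.enc` suffix and the blob layout are hypothetical.

```python
# Added example, not Boxcryptor's code or file format. Function names, the ".enc"
# suffix and the blob layout (salt | nonce | ciphertext+tag) are assumptions.
import hashlib
import os
import tempfile
from pathlib import Path
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

SALT_LEN, NONCE_LEN = 16, 12

def derive_key(password: str, salt: bytes) -> bytes:
    # scrypt makes every password guess expensive; the key never leaves the device.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def encrypt_file(src: Path, sync_dir: Path, password: str) -> Path:
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    out = sync_dir / (src.name + ".enc")
    # The stored name is authenticated, so a swapped or renamed blob is rejected.
    ct = AESGCM(derive_key(password, salt)).encrypt(
        nonce, src.read_bytes(), out.name.encode())
    out.write_bytes(salt + nonce + ct)
    return out

def decrypt_file(enc: Path, password: str) -> bytes:
    blob = enc.read_bytes()
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    # Raises InvalidTag on a wrong password, a modified blob or a renamed file.
    return AESGCM(derive_key(password, salt)).decrypt(
        nonce, blob[SALT_LEN + NONCE_LEN:], enc.name.encode())

def rejected(enc: Path, password: str) -> bool:
    try:
        decrypt_file(enc, password)
    except InvalidTag:
        return True
    return False

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        doc, sync = Path(tmp, "tax-return.txt"), Path(tmp, "cloud-sync")
        sync.mkdir()
        doc.write_bytes(b"constructed sample: taxable income 12345")
        pw = "correct horse battery staple"  # constructed passphrase
        enc = encrypt_file(doc, sync, pw)
        res = {"name": enc.name, "roundtrip": decrypt_file(enc, pw) == doc.read_bytes(),
               "wrong_password_rejected": rejected(enc, "not the password")}
        enc.write_bytes(enc.read_bytes() + b"\x00")  # simulate corruption in the cloud
        res["tamper_rejected"] = rejected(enc, pw)
        return res
```

Calling `demo()` runs the round trip in a temporary folder. Because the authenticated mode fails closed, a wrong password and a damaged upload are both reported as errors instead of producing garbage plaintext.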

An open encryption system that can be examined by many critical eyes is Veracrypt. It is the successor to Truecrypt, which for many years was the reference for this software genre, until the programmer suddenly announced in 2014 that the project would not be continued. At that time Truecrypt had completed the first phase of a security audit with positive results. The reason for the withdrawal is still unclear.

Veracrypt is free for Windows and Mac. The Mac also requires the Fuse file system extension, which is also free. Like Truecrypt, Veracrypt functions as a data safe. The working principle is simple: part of the hard disk is turned into a vault. When it is open, you can see its contents, unencrypted. When it is closed, all content is hidden behind thick walls. To open the vault, it is integrated into the computer's drive system, so that it appears in the Apple Finder like a mini hard drive or USB stick and has a drive letter under Windows. Veracrypt is responsible for opening and closing the safe; it does not run permanently in the background. In the jargon, the safe is called a container, and it is mounted.

Don't choose a container too big

Veracrypt encrypted containers can be anywhere on the computer: in the music folder, on the desktop or in the cloud. The size and name of the container can be chosen freely, and there are many options for refining the security of the encryption. Different crypto methods and further additions are available. Initially, just follow the default settings. Containers should not be too large if they are to act as cloud safes, because with every small change to one of your files, the entire container must be uploaded to the cloud again. Unlike with file-based encryption, there can also be problems because not every change is necessarily written immediately and thus uploaded to the cloud. Anyone who then forgets to dismount the container before turning off the computer may lose the work of the last few hours. If the container is damaged, all the files inside it are lost. And finally: losing the password also means losing the data.

So you have to be careful, but the benefit is a very secure system that even intelligence services may not be able to crack unless they can get at the content in other ways, such as state-managed Trojans installed on the device. Otherwise they have few options left, at least if you choose a password for the container that is long and complex enough. If data spies get hold of a computer, they can of course determine sooner or later whether Veracrypt or Truecrypt is in use on it; traces in the Windows registry and other places cannot be hidden easily.

Decryption will not work, but in some countries, such as Great Britain, law enforcement agencies can force the surrender of passwords and crypto keys under the threat of long prison sentences. You can be prepared for such cases, because Truecrypt has a concept of plausible deniability. The idea: you hide another container inside an encrypted container. If the password for the outer container is handed over, it reveals some alibi data, while the really important documents are hidden in another container, which uses the empty space of the first container. The matryoshka principle of these nested, shielded containers is very laborious, but offers the highest possible protection.