Ubuntu One Client

Possible to encrypt with ecryptfs/truecrypt/encFS/other?

Asked by Johan van Dijk

I know that file transfers use SSL and I need a password to get to my files. But I don't think that's secure enough.

Is it possible to encrypt the files in a folder that's synced with Ubuntu One?
I realise that can make web access difficult or even impossible, but that's not a problem for me.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu One Client Edit question
Assignee:
No assignee Edit question
Solved by:
Elliot Murphy
Solved:
Last query:
Last reply:
Revision history for this message
Best Elliot Murphy (statik) said : 		#1

Yes, you can encrypt your files before putting them in the Ubuntu One directory. I'm not sure you could use ecryptfs or similar solutions because as I understand it they decrypt your files when you login, so the ubuntuone syncdaemon would be reading the decrypted files. However, if you are able to layer things so that only encrypted files are placed in the Ubuntu One/My Files directory, then only encrypted data would be syncronized between your machines. I don't think this would work very well in practice if you were using more than one machine, because conflicts would be nearly impossible to resolve.

I know we want to find a good way to integrate with the Private/ directory stuff that is in ubuntu now, but there are still a handful of details to figure out.

Revision history for this message
Johan van Dijk (johanvandijk) said : 		#2

Thanks Elliot Murphy, that solved my question.

Revision history for this message
Daniel Holbert (dholbert) said : 		#3

If you're looking to do something like this, I highly recommend using "encfs" -- I'm using that to keep private documents synchronized across multiple machines. (Just put the encrypted directory in your UbuntuOne/Dropbox-synchronized directory, and it'll stay up-to-date)

I strongly recommend **against** using ecryptfs for this -- I tried that with Dropbox a while back, and it didn't work well. I think ecryptFS doesn't automatically update the plaintext "view" of files when their encrypted backend-version was changed underneath it (by Dropbox / UbuntuOne). And that causes things to get badly out of sync.

encfs does a much better job with this. As Elliot says, the only real problem is conflict-resolution -- but as long as you don't update these files too frequently on network-disconnected machines, you should be fine. (because you'll always be working with the latest version)

Revision history for this message
Daniel Holbert (dholbert) said : 		#4

> ecryptFS doesn't automatically update the plaintext "view" of files
> when their encrypted backend-version was changed underneath it

sorry, I meant "cleartext", not "plaintext" -- i.e. the decrypted version of the file.