Cloud: Dropbox with CryFS in Linux and macOS
CryFS is a cryptographic filesystem for the cloud. Using “free” cloud services may seem convenient, but sharing private unencrypted data with a third party always brings the risk of data mining and data leaks. Dropbox, iCloud, OneDrive and others are not an exception. CryFs makes sure that user data only leaves the computer in an encrypted form. A brief comparison of CryFS with other software:
- As opposed to VeraCrypt, it keeps its data in small encrypted blocks and changing a small file results in only a small amount of data to be re-uploaded.
- As opposed to EncFS and eCryptfs, it doesn’t only encrypt your file contents, but also file sizes, file metadata and directory structure.
Artix Linux Installation
The installation process is straightforward:
$ pacman -S cryfs
There are two ways to use CryFS:
- using graphical user interface (GUI),
- using command line interface (CLI).
The developer of SiriKali (Francis Banyikwa) is not an official Arch Linux developer. Therefore, his GPG key needs to be verified and imported manually by selecting the key number
1 as follows:
$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 16E2E1ACC6F51242 ... Keys 1-1 of 1 for "16E2E1ACC6F51242". Enter number(s), N)ext, or Q)uit > 1<ENTER> # or just plain import: $ gpg --recv-keys 16E2E1ACC6F51242
Finally, SiriKali can be installed as follows:
$ yaourt -S sirikali
By default, SiriKali uses as mount point its
Optionally (this is not necessary when using SiriKali): for CLI usage, a different directory, which will be the CryFS-encrypted Dropbox directory mounted to, needs to be created as follows:
$ mkdir -p $HOME/Dropbox-Unencrypted/Private-Directory
Considering the CLI usage, an appropriate directory should be created for each CryFS-encrypted Dropbox directory somewhere in the filesystem. Creating an encrypted directory and mounting it to:
$ cryfs $HOME/Dropbox/Private-Directory $HOME/Dropbox-Unencrypted/Private-Directory
-u to unmount,
-z to “lazy” unmnout):
$ fusermount -u $HOME/Documents/Dropbox-Unencrypted/Private-Directory
The installation in macOS is a bit complicated, as it requires Homebrew package manager to be installed. Should the macOS device lack the Homebrew package manager, it can be installed using the macOS: Install Homebrew tutorial accordingly.
CryFS (including its prerequisite
osxfuse) can be installed as follows:
$ brew install caskroom/cask/osxfuse $ brew install cryfs
Installation of prerequisites:
$ brew install libgcrypt qt5 pkg-config cmake
Cloning the project’s GIT repository:
$ cd /tmp $ git clone https://github.com/mhogomchungu/sirikali.git
Compilation from source:
$ cd /tmp/sirikali $ mkdir build $ cd build $ export CMAKE_PREFIX_PATH=/usr/local/opt/qt5/ $ cmake -DCMAKE_INSTALL_PREFIX=/tmp/sirikali -DQT5=true -DCMAKE_BUILD_TYPE=RELEASE . .. $ make -j$(sysctl -n hw.ncpu) $ make install
In the Finder, the installation is performed by dragging
SiriKali from the
/tmp/sirikali directory to the
$ rm -rf /tmp/sirikali
Note: The manual usage is pretty much the same as described in the Artix Linux section, only the unmounting process is managed by the
umount command (instead of the
fusermount command in Linux).