We’ll use the Grive Linux client for Google Drive and EncFS to create a ‘safe’ in the cloud, inside Google Drive and mount it locally:
1. Install Grive
~ sudo add-apt-repository ppa:nilarimogard/webupd8 ~ sudo apt-get update ~ sudo apt-get install grive
Create a working folder :
~ mkdir ~/grive ~ cd ~/grive/
Initial setup will require an authorization token from Google. Paste the link generated by the following command into the browser, get the token and paste it into the application:
~ grive -a
Synchronization of all the files in the cloud:
3. Create an encrypted safe
For this I’ve used EncFS to create an encrypted filesystem inside the folder for the Google Drive:
~ apt-get install encfs ~ mkdir -p ~/grive/safe ~ mkdir -p ~/safe
Mount the encrypted safe to a decrypted folder (equivalent to opening the safe). If EncFS cannot find a filesystem at the specified location, it will create a new encrypted file system there.
~ encfs ~/grive/safe/ ~/safe/
I’ve used the paranoia mode for the initial setup - AES-256, PBKDF2, 160 bit salt, External IV Chaining (More details about the settings in the man page). To verify that it was mounted correctly:
~ df -hT encfs fuse.encfs 455G 232G 200G 54% /home/liv/safe
To test the whole setup:
~ cd ~/safe/ ~ echo "secret" > test.txt ~ cat test.txt secret ~ ls ~/grive/safe/ pr6KT6wBszfvBqNLIo2pPliZ
Unmount the encrypted volume (close the safe):
~ sudo fusermount -u ~/safe
- Issue #1: EncFS uses a file named .encfs6.xml to define the encrypted storage settings. This hidden file is not synchronized by Grive.
Solution: Get a patched version of Grive or rename the file and store it on Google Drive. After synchronizing Grive on another machine, rename the encfs6.xml file to .encfs6.xml.
- Issue #2: Permission denied for /dev/fuse for the current user.
fusermount: failed to open /dev/fuse: Permission denied
Solution: Add the current user to the fuse group:
~ usermod -aG fuse ~ reboot