Procedure
We’ll use the Grive Linux client for Google Drive and EncFS to create a ‘safe’ in the cloud, inside Google Drive, and mount it locally:
1. Install Grive
~ sudo add-apt-repository ppa:nilarimogard/webupd8
~ sudo apt-get update
~ sudo apt-get install grive
2. Usage
Create a working folder:
~ mkdir ~/grive
~ cd ~/grive/
Initial setup will require an authorization token from Google. Paste the link generated by the following command into the browser, get the token and paste it into the application:
~ grive -a
Synchronization of all the files in the cloud:
~ grive
3. Create an encrypted safe
For this I’ve used EncFS to create an encrypted filesystem inside the folder for the Google Drive:
~ sudo apt-get install encfs
~ mkdir -p ~/grive/safe
~ mkdir -p ~/safe
Mount the encrypted safe to a decrypted folder (equivalent to opening the safe). If EncFS cannot find a filesystem at the specified location, it will create a new encrypted file system there.
~ encfs ~/grive/safe/ ~/safe/
I’ve used the paranoia mode for the initial setup: AES-256, PBKDF2, 160-bit salt, External IV Chaining (more details about the settings are in the man page). To verify that it was mounted correctly:
~ df -hT
encfs fuse.encfs 455G 232G 200G 54% /home/liv/safe
Test
To test the whole setup:
~ cd ~/safe/
~ echo "secret" > test.txt
~ cat test.txt
secret
~ ls ~/grive/safe/
pr6KT6wBszfvBqNLIo2pPliZ
Unmount the encrypted volume (close the safe):
~ sudo fusermount -u ~/safe
Notes
- Issue #1: EncFS uses a file named .encfs6.xml, stored in the encrypted folder, to define the encrypted storage settings. This hidden file is not synchronized by Grive, and without it the safe cannot be opened on another machine.
Solution: Get a patched version of Grive, or rename the file to encfs6.xml and store it on Google Drive. After synchronizing Grive on another machine, rename the encfs6.xml file to .encfs6.xml.
- Issue #2: Permission denied for /dev/fuse for the current user.
fusermount: failed to open /dev/fuse: Permission denied
Solution: Add the current user to the fuse group:
~ sudo usermod -aG fuse $USER
~ reboot
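Added example, not part of the original post: a small shell helper for the Issue #1 workaround that keeps a Grive-visible copy of .encfs6.xml and restores it on a second machine, refusing to overwrite an existing config that differs. The function names, the return codes and the choice to copy rather than rename are assumptions of this example; encfs6.xml and ~/grive/safe come from the text above.

```shell
#!/bin/sh
# Added example (not the author's or Grive's code): keep the EncFS config
# reachable through Grive, which skips hidden files (Issue #1).
# Function names and return codes are this example's own.

# export_encfs_config DIR
# Copy DIR/.encfs6.xml to the visible name DIR/encfs6.xml so Grive uploads it.
# A copy (not a rename) keeps the local safe mountable.
export_encfs_config() {
    dir=$1
    [ -f "$dir/.encfs6.xml" ] || { echo "no .encfs6.xml in $dir" >&2; return 2; }
    cp -p "$dir/.encfs6.xml" "$dir/encfs6.xml"
}

# restore_encfs_config DIR
# On another machine, after `grive` has synced, recreate the hidden config.
restore_encfs_config() {
    dir=$1
    [ -f "$dir/encfs6.xml" ] || { echo "no encfs6.xml in $dir; run grive first" >&2; return 2; }
    if [ -f "$dir/.encfs6.xml" ]; then
        # Identical config: nothing to do.
        cmp -s "$dir/encfs6.xml" "$dir/.encfs6.xml" && return 0
        # A different config belongs to a different safe; replacing it
        # would make the files already stored here undecryptable.
        echo "existing .encfs6.xml differs from synced copy; not overwriting" >&2
        return 3
    fi
    cp -p "$dir/encfs6.xml" "$dir/.encfs6.xml"
}

# Stand-alone use: script.sh export|restore [DIR]
# DIR defaults to ~/grive/safe, the encrypted folder used above.
case "${1:-}" in
    export)  export_encfs_config  "${2:-$HOME/grive/safe}" ;;
    restore) restore_encfs_config "${2:-$HOME/grive/safe}" ;;
esac
```

Run the export step on the first machine before `grive`, and the restore step on the second machine after `grive` and before `encfs ~/grive/safe/ ~/safe/`.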