My wife and I have been searching for months for a service to allow us to store our sensitive files in Dropbox securely. There are a lot of services out there that promise to do this well, but frankly, it's hard to trust that our data would be safe if they happened to be hacked or compromised. I therefore went looking for a piece of software that was:
- Vetted as being secure.
- Ubiquitous. Something I wouldn't need to worry about installing or finding on a future machine.
- Compatible with Mac OS X.
TrueCrypt, an open-source file encryption product, seemed like it might fit the bill. However, I must have had my head in the sand about a year ago (sure enough, I was off the grid when it happened), but TrueCrypt was abandoned by its developers with a very vague / scary message on their website:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
Ok then. So that in itself wasn't reason enough for me to give up. I went ahead and downloaded TrueCrypt from some random site and verified the checksum (remind me which of my family is going to know how to do this?) and installed it (in order to do this, I had to temporarily disable OS X's protection against unsigned software in "Security & Privacy" in System Preferences).
That's a lot of steps for someone who just wants to share encrypted files. And more steps are bad—I didn't want people I'm sharing stuff with to just give up. We'd be back to square one.
Not to mention, TrueCrypt doesn't offer dynamically sized volumes. You have to specify the size of the volume at the time of creation. This means that if the number of files in a volume you're sharing hits the limit—too bad. You need to now create a new volume (one with a larger limit) and move all of the existing files from the previous volume into it. That's a drag. And sort of dumb.
Off I went looking for an alternative. "Wait", I thought, "doesn't OS X provide full-disk encryption via FileVault?". Well, I didn't actually ask myself that, but I concluded that there must be a way to do this just using a stock Mac OS X installation.
Sure enough, after some digging, I found this on Apple's support site: How to create a password-protected (encrypted) disk image. Boom! There we have it.
If you follow the instructions (which are quite simple, really), you'll have a "file" (which is actually a "sparse image"—sort of like a Volume) which you can drop into a shared Dropbox folder and share with anyone you want. To add or remove files to the encrypted folder, you need to double click it, type in the password, and then open it like you would any other volume (like your Hard Drive or a USB stick). Once you're done modifying files, just "eject" it. Easy peasy. Dropbox syncs it immediately.
Oh—and the folder resizes automatically! Another huge plus over TrueCrypt.
So, in short, you can create an AES-encrypted folder, inside your Dropbox, and anyone else who uses a Mac will be able to add or remove files from it without needing to install any third-party software. And, it's free.
Go forth and encrypt!
P.S. Windows users might have similar luck with BitLocker.
P.P.S. Jamie Phelps pointed me to this AgileBits article regarding a downside of using sparse bundles and Dropbox (note–a sparse image and a sparse bundle are not the same thing, so the two may not have the same downsides). Knox stores its vaults with OS X sparse bundles, and those have been shown to have issues syncing over Dropbox when simultaneous edits are made. I've yet to see this be a problem with using sparse images (since OS X—and Dropbox—treats a sparse image as a single file), but it might be an issue. Jamie recommends SafeMonk as an alternative.