Protect your privates with "gocryptfs".

I was looking for a solution to store some private files in my Dropbox, yet only have those files accessible to me on my PC and not on Dropbox itself. I found a tool called gocryptfs which can do exactly that. Plus, you can use this to create encrypted folders anywhere, not just for use with Dropbox.

Scenario

Whenever I want to store private files in my Dropbox, instead of copying them directly into the ~/Dropbox folder, I'll be copying them into ~/Private-Files/Dropbox. The files in this folder will only be visible after I mount the path with gocryptfs.

When I copy data into the ~/Private-Files/Dropbox/ folder, gocryptfs will encrypt that data and store it in ~/Dropbox/.private-files/. If my gocryptfs location is not mounted, then no files will be displayed in my ~/Private-Files/Dropbox folder.

Using this method, I can both encrypt files being sent to Dropbox, and only have files visible in my $HOME when I need them.

Installing

Since I'm using Arch Linux, I can install gocryptfs via pacman:

sudo pacman -S gocryptfs

Configuration

First, let's create a folder to store our private files:

mkdir -p ~/Private-Files/Dropbox

Now, let's create a folder in the Dropbox folder to store the encrypted file data:

cd ~/Dropbox/
mkdir .private-files

We then initialize gocryptfs to use the ~/Dropbox/.private-files folder:

gocryptfs -init ~/Dropbox/.private-files

You will see that gocryptfs prompts you to create a password. Create a strong password, something you can easily remember and different from the passwords which you use elsewhere.

Once you have created a password, press Return and you will see a notification like:

Your master key is:

    << KEY DISPLAYED HERE>>
    << KEY DISPLAYED HERE>>

If the gocryptfs.conf file becomes corrupted or you ever forget your password,
there is only one hope for recovery: The master key. Print it to a piece of
paper and store it in a drawer. This message is only printed once.
The gocryptfs filesystem has been created successfully.
You can now mount it using: gocryptfs Dropbox/.private-files MOUNTPOINT

It is a good idea to keep a copy of your master key, since it is only printed once. Create a "Safe Note" for your gocryptfs key in Bitwarden or another password storage utility that you may use.

Mounting

Now that we have our encrypted data location, our custom mount location and our password, we can mount our gocryptfs folder:

gocryptfs ~/Dropbox/.private-files ~/Private-Files/Dropbox/

Enter your password, and you can now use your ~/Private-Files/Dropbox/ folder to store any data you wish to keep safe. As you add files, you will see the encrypted version of your data appear in the ~/Dropbox/.private-files folder. This is the data that Dropbox will sync, not your original unencrypted files or folders.
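When the folder is not mounted, ~/Private-Files/Dropbox is just an ordinary empty directory, so anything copied into it stays unencrypted on the local disk and never reaches Dropbox. The helper below is an added example, not part of gocryptfs or the original post: it checks /proc/mounts for a fuse.gocryptfs entry before copying, and the function names and the MOUNTS_FILE override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard the plaintext folder from this post.
# CIPHER_DIR and MOUNT_DIR default to the paths used above.
CIPHER_DIR="${CIPHER_DIR:-$HOME/Dropbox/.private-files}"
MOUNT_DIR="${MOUNT_DIR:-$HOME/Private-Files/Dropbox}"

# Exit status 0 if $1 is an active gocryptfs mountpoint.
# $2 (hypothetical, for testing) is a mounts table other than /proc/mounts.
# The body runs in a subshell so its variables stay local.
gocryptfs_mounted() (
    # /proc/mounts writes spaces in paths as \040; encode the wanted path
    # the same way and drop one trailing slash before comparing.
    want=$(printf '%s' "${1%/}" | sed 's/ /\\040/g')
    while read -r src target fstype rest; do
        if [ "$target" = "$want" ] && [ "$fstype" = "fuse.gocryptfs" ]; then
            exit 0
        fi
    done < "${2:-/proc/mounts}"
    exit 1
)

# Mount the encrypted folder unless it is already mounted (prompts for the password).
unlock_private() {
    gocryptfs_mounted "$MOUNT_DIR" "${MOUNTS_FILE:-/proc/mounts}" && return 0
    gocryptfs "$CIPHER_DIR" "$MOUNT_DIR"
}

# Copy files into the plaintext view only while the mount is active.
store_private() {
    if ! gocryptfs_mounted "$MOUNT_DIR" "${MOUNTS_FILE:-/proc/mounts}"; then
        echo "refusing: $MOUNT_DIR is not a gocryptfs mount" >&2
        return 1
    fi
    cp -a -- "$@" "$MOUNT_DIR"/
}

# Unmount when finished so the plaintext view disappears again.
lock_private() {
    fusermount -u "$MOUNT_DIR"
}
```

Source this file from your shell profile, then run unlock_private, store_private FILE..., and lock_private as needed.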

Conclusion

Keeping your personal data secure is ever more important in today's digital world. It only takes a second for a laptop to be stolen, a USB drive to be misplaced, or someone to gain access to your computer at school, work or home. Protecting your personal data is therefore a healthy habit to build. Using tools like gocryptfs can help reduce attack vectors and keep your data safe.