[csaborio]

Hi,

I'm looking for software that will allow me to encrypt files and folders easily (e.g. right click, select encrypt) from the Finder. The purpose is to encrypt the file before it is uploaded to any cloud service (OneDrive, DropBox, etc). I don't need to view the file on any other device like my phone or anything like that, I only want the file(s) to be encrypted, period.

When and if I need the file/folder, I would just double click it on my computer (or select decrypt) and I'm done.

Is there anything like that that someone can recommend? I've tried these and they don't seem to do this, or at least not very intuitively;

• Espionage for Mac | MacUpdate
• Crypt for Mac | MacUpdate
• Cryptix for Mac | MacUpdate

Thanks!

[ghporter]

I don't know of any one-click encryption packages, but GPG doesn't take much more than one click, and you KNOW when you've told the system to encrypt something with it. I am suspect of "almost automatic" encryption for two reasons: you may forget the one step to get the encryption done, and you may accidentally encrypt everything automatically. Neither is a good choice.

GPG is an open source implementation of the OpenPGP standard. You'd want their Mac implementation, called "GPGTools." Open source encryption has a strong reputation for lacking "back doors" or other flaws in security protocols or overall implementation. In short, it would be hard for NSA to sneak in something that allows them to peek at your stuff without all the other open source contributors knowing something about it.

One more note about "encrypting everything:" you probably don't want to accidentally encrypt your emails to Mom or work documents you're sending to your boss (unless you use your work's encryption system), but encrypting everything you put "in the cloud" is a good idea.

OneDrive and DropBox are both good examples of cloud storage that users would benefit from encrypting their content with, but there's something else to consider: I use DropBox for items I share (professional group documents, etc.), while I use Evernote for stuff I do not share - keeping that sort of thing straight is helpful in avoiding sending your boss an encrypted file he can't read while leaving your credit history documents unprotected on someone else's server...

[turtle777]

I use TruCrypt for that.

Save the encrypted container on your Cloud Drive, and it mounts like an external HD on your Mac. I use it with Dropbox.

https://www.grc.com/misc/truecrypt/truecrypt.htm

-t

[csaborio]

Thank you, I think this is exactly what I was looking for. Open source is good, at slats it gives me hope that the project won't be dropped out of the blue as has been the case with some software I have purchased in the past.

We are on the same page regarding encryption, I don't want to encrypt anything else except the files I send to the cloud. My Mac has already Filevault encryption and that would let me sleep at night if my machine ever got stolen.

I'll give this a shot and report back - thanks again! 😊

Originally Posted by ghporter 

I don't know of any one-click encryption packages, but GPG doesn't take much more than one click, and you KNOW when you've told the system to encrypt something with it. I am suspect of "almost automatic" encryption for two reasons: you may forget the one step to get the encryption done, and you may accidentally encrypt everything automatically. Neither is a good choice.

GPG is an open source implementation of the OpenPGP standard. You'd want their Mac implementation, called "GPGTools." Open source encryption has a strong reputation for lacking "back doors" or other flaws in security protocols or overall implementation. In short, it would be hard for NSA to sneak in something that allows them to peek at your stuff without all the other open source contributors knowing something about it.

One more note about "encrypting everything:" you probably don't want to accidentally encrypt your emails to Mom or work documents you're sending to your boss (unless you use your work's encryption system), but encrypting everything you put "in the cloud" is a good idea.

OneDrive and DropBox are both good examples of cloud storage that users would benefit from encrypting their content with, but there's something else to consider: I use DropBox for items I share (professional group documents, etc.), while I use Evernote for stuff I do not share - keeping that sort of thing straight is helpful in avoiding sending your boss an encrypted file he can't read while leaving your credit history documents unprotected on someone else's server...

[csaborio]

Originally Posted by turtle777 

I use TruCrypt for that.

Save the encrypted container on your Cloud Drive, and it mounts like an external HD on your Mac. I use it with Dropbox.

https://www.grc.com/misc/truecrypt/truecrypt.htm

-t

Thanks, this would work fine if it was a folder that wasn't being modified constantly, but this won't be the case.

A disk image would need to be re-uploaded every time it changes, right? I'm not sure on that, but if you modify an image, a differential upload won't take effect as it would be a completely different file from what it was before?

[reader50]

You could encrypt the files in a folder, and then sync them. Only changed files would upload. The downside - anyone looking could see the file names. But not read them.

Time Machine ran into the same problem with encrypted disk images, and Apple introduced sparse bundles to solve it. Assuming your backup software handles bundles as individual files (as it should) you can backup only the changed parts of the encrypted image.

[csaborio]

Thanks! I had no idea about sparse bundles, will try with disk images and we'll see if it's does an differential upload - cheers!

Originally Posted by reader50 

You could encrypt the files in a folder, and then sync them. Only changed files would upload. The downside - anyone looking could see the file names. But not read them.

Time Machine ran into the same problem with encrypted disk images, and Apple introduced sparse bundles to solve it. Assuming your backup software handles bundles as individual files (as it should) you can backup only the changed parts of the encrypted image.

[turtle777]

Originally Posted by csaborio 

Thanks, this would work fine if it was a folder that wasn't being modified constantly, but this won't be the case.

A disk image would need to be re-uploaded every time it changes, right? I'm not sure on that, but if you modify an image, a differential upload won't take effect as it would be a completely different file from what it was before?

Not really. As far as I can observe, the TrueCrypt container is like a sparse bundle. Only the changes are synced.

-t

[turtle777]

Originally Posted by csaborio 

Thank you, I think this is exactly what I was looking for. Open source is good, at slats it gives me hope that the project won't be dropped out of the blue as has been the case with some software I have purchased in the past.

You don't have to worry about that, because it has already happened

TruCrypt development stopped earlier this year.

The consensus among the security community is that the TruCrypt developers were forced to implement back doors in the recent builds. Obviously, they are not allowed to admit that, so they stopped development, citing "security" reasons.

The old versions of TruCrypt (the page I linked) have been working w/o problems for years, are open source, and not compromised.

I continue using TruCrypt, although there is no more development ongoing.

-t

[reader50]

Originally Posted by turtle777 

The consensus among the security community is that the TruCrypt developers were forced to implement back doors in the recent builds.

turtle, do you have a link for this? The last time I read about it, the retirement was still a big mystery. Wikipedia doesn't talk about that either.

[JBracy]

Originally Posted by turtle777 

Not really. As far as I can observe, the TrueCrypt container is like a sparse bundle. Only the changes are synced.

-t

So why not create an encrypted sparse dmg image instead? Easier than going through all of the hassle and mystery of TrueCrypt.

[Mike Wuerthele]

Be wary of encryption when migrating to a new OS. Apps (especially those no longer under development) can, have, and do break when things get updated.

We're on the precipice of Yosemite, which breaks low-level things, like Parallels. Be careful.

[turtle777]

The good thing about TruCrypt is that it's cross-platform.
That's so the reason why I prefer it over sparse images.

Even if it were to break on OS X, you could always recover the data with a different OS.

-t

[turtle777]

Originally Posted by reader50 

turtle, do you have a link for this? The last time I read about it, the retirement was still a big mystery. Wikipedia doesn't talk about that either.

I'd need to google the links. I read this analysis back when.

Logically, it's the only explanation that makes sense.
The previous TruCrypt version worked for more than 4 years, and no known security issues were ever discovered.

Suddenly, a NEW version gets issued that DOES NOT claim to fix the security issues, and right after that, development is stopped.

Doesn't make any sense at all, except, if there was some event that can't be disclosed.

-t

[Mike Wuerthele]

Encryption tool TrueCrypt may be resurrected by security audit group | Electronista

[turtle777]

That would be awesome.

-t

[turtle777]

You guys might want to take a peak at this:

https://www.boxcryptor.com/en/boxcryptor

Looks like an interesting solution.

Downside is: it's not open source, so theoretically, there could be a back door.
However, since it's a German company, you'd think the NSA has less "access" or power over them.

tl/dr: Boxcryptor is convenient, but for the security paranoid, I'd still recommend TruCrypt.

-t