NSC 66: Using Cloud Storage Securely with Boxcryptor

Cloud Storage

Cloud storage is a wonderful thing, it allows us to upload a backup of our files anywhere in the world. We can access our files at any point we choose. This is a great convenience brought to us by the internet and big data companies. Like all things, with great convenience comes great compromise. When you use cloud storage, you are handing over your personal files. Whether they be company secrets, nudes or nuclear codes, your cloud provider has access. The only thing stopping your cloud storage provider from looking at your files is their word. In almost all cases, your files are not encrypted with zero knowledge encryption.

All modern cloud providers will use some sort of HTTPS/TLS to encrypt your traffic to their server, but once on their server, they have the ability to open every single one of your files. Dropbox uses your love of convenience to scan each one of your files for things like child pornography, pirated movies and any other DMCA claimed content.

To prevent this, all you have to do is upload encrypted data rather than the real content to the cloud provider. This can be done very simply by creating a Veracrypt encrypted container, filling it with your files and uploading the container. To gain access to your files, Dropbox would need to figure out they are in a Veracrypt vault. They would then need to guess the password, then grab the files from it. This can be super secure, but quite a bit inconvenient. You would need to download the file, decrypt it, add the files, and reupload the Veracrypt container. Another option is individual file encryption using Microsoft Office’s built in password protection or a program like Encryptor that encrypts single files.


In comes Boxcryptor, a direct interface to Dropbox or any other cloud storage provider. Boxcryptor allows you to upload and encrypt files to Dropbox straight from your desktop. The encryption is done in the app before your files ever touch Dropbox’s server. You don’t need to worry about Dropbox reading your files. In fact, if you log directly into Dropbox and try to open a file, it won’t open. Your files can only be accessed from within the app, unless you decrypt your files. This gives you a safe way to access your files with the convenience of Dropbox. The free version of Boxcryptor allows you connection to one cloud provider and up to two devices on the same account. Paid versions of Boxcryptor give you unlimited cloud providers on unlimited devices and adds filename encryption.


Encryption is done with a combination of AES and RSA, two pretty well known standards. If a file was successfully decrypted, it wouldn’t compromise the integrity of your other files. This is done by encrypting each file with a different key. Furthermore, Boxcryptor claims zero knowledge encryption by keeping the user’s private key stored on their device in an encrypted form. Once the user enters their password, the private key is decrypted and used to decrypt the user’s symmetric file keys. Basically, they are encrypting a key with a password. That key opens a chest full of passwords that are then used to decrypt your files. It sounds super complicated, but it boils down to one thing. As long as you choose a fairly strong login password, they can never access your files. For full details, Boxcryptor lays out exactly how things work here: https://www.boxcryptor.com/en/technical-overview/

Is it worth the trouble?

This is a very easy and free way to drop backups of files that are near and dear to your heart. This may not be a very efficient way to backup your computer mainly due to the low storage space on free plans. This is a good non-attributable way to send or drop files for either a pickup from another person or a way to access some files in another location. Boxcryptor also supports Nextcloud, so if you need an extra layer of security on a custom built Nextcloud server, this would provide it. Overall, it’s another tool in the tool belt and we will definitely be exploring file transferring tactics using Boxcryptor and Dropbox in future classes.

Questions, Comments, Concerns?

Feel free to leave us a comment below letting us know what you thought of this article!


Leave a Reply

Your email address will not be published. Required fields are marked *