We let our documents sync to the cloud and download themselves to all of our PCs, and we trust that nobody besides ourselves can ever see those files unless we intend it.
It may be true that “only you” can see what’s in your Dropbox and other cloud storage, but in reality your cloud storage has so many gateways that it’s easy to accidentally leave one open, such as a shared home computer. Not only that, but your cloud storage provider could see your files if they wanted to.
But isn’t my cloud storage already encrypted?
Good question, and yes. Cloud storage services such as Dropbox and OneDrive encrypt data while it is in transit as well as at rest on the servers in their data centers.
The encryption in place on their file systems secures your data from other parties and intruders. However, the owner of the servers can effectively see any of your data if they need to, because they are the key holder.
A good solution to secure your files hosted in the cloud is to put them in encrypted containers. You can keep personal information in them, such as financial and identification documents, and more. You must understand that these files will not be “readily available” (which is a good thing): you must mount the container from your Dropbox to your Windows PC before you can access any of the files. You can’t open the container or add any files to it from mobile devices, unless it’s a Windows tablet.
Will this work for any cloud storage?
The short answer is no.
This is because unlike most cloud storage providers, Dropbox has an advanced differential sync algorithm which only syncs the parts of the file that change. This helps in our scenario because we will be frequently modifying a large file, and having to re-upload that file repeatedly would be too cumbersome to be worth doing.
Note that if you use other cloud sync software that does differential sync, you can do this with it instead of Dropbox.
Step 1: Install Dropbox
Install Dropbox if you haven’t already. You probably have it already.
Step 2: Create VHDX Container (Virtual Disk)
I’m going to be creating a 10GB container. This should be sufficient because I have 30GB storage in Dropbox and if the container ever has a sync conflict, I would like to be able to hold on to the conflict.
aka Disk Management
– Create VHD
The encrypted container we are creating is a Windows VHD (virtual hard disk). Create this in the Disk Management console:
Action > Create VHD
A window will pop up where you can configure the VHD settings.
Here’s what I did for mine:
- Virtual hard disk size: 10GB
- Virtual hard disk format: VHDX
- Dynamically Expanding (just in case)
You’ll then see an unallocated volume in your Disk Management console:
– Initialize the VHDX
Right-click your new disk and select “Initialize Disk”.
I’m using GPT partitioning, but if you want to maintain compatibility with a legacy Windows OS then you can use MBR.
Now it shows as simply unallocated:
Here is where we format the container’s file system.
Right-click your virtual disk and select “New Simple Volume”.
A wizard will appear…
– Configure mount settings
This is where you define the drive letter your container will mount to your PC.
You should also give the VHD a volume label, such as “secure” or “encrypted”.
I’ve got a functional VHD mounted to my Windows PC.
Step 3: Encrypt the VHDX
By now you should have the Virtual Disk mounted.
We still need to encrypt this to make it secure.
- Open “This PC” and right-click your mounted container.
Turn on BitLocker
We will be using BitLocker to encrypt the container with a password.
Right-click your mounted drive and select “Turn on BitLocker”.
Set a password.
You will need to use this every time you mount your drive to your PC.
It should finish almost immediately since you don’t have any data to encrypt in the container.
The VHDX file itself is almost 400 MB without containing any of my files:
– Unmount the drive
If you don’t unmount it, you can’t move the container to your Dropbox.
We want to do that next.
– Move container to your Dropbox folder
Just drag and drop it in there.
Let this upload.
When it’s complete, re-mount the VHDX to your computer from within the Dropbox folder.
You’ll be presented with a message:
If you browse to the drive in Explorer without unlocking it, you will see the drive shown as locked:
You can unlock the drive from within Windows Explorer.
Enter your BitLocker password at the prompt.
Now your VHDX encrypted volume on Dropbox is mounted to your computer as a Local Disk.
Your set-up of the encrypted container is complete!
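Steps 2 and 3 can also be scripted instead of clicking through Disk Management and the BitLocker dialog. The following is an added example, not part of the original walkthrough; the file paths, the drive letter S: and the label are assumptions, and it must run in an elevated PowerShell session.

```powershell
# Added example: scripted equivalent of Steps 2-3 (create, format, encrypt, move).
# Paths, drive letter and label below are assumptions; adjust them to your machine.
$Vhdx   = "$env:USERPROFILE\secure.vhdx"          # built outside Dropbox first
$Target = "$env:USERPROFILE\Dropbox\secure.vhdx"  # assumed Dropbox folder location
$Letter = 'S'

# Create a 10 GB dynamically expanding VHDX (diskpart works without the Hyper-V feature).
$dp = Join-Path $env:TEMP 'mkvhdx.txt'
Set-Content -Path $dp -Encoding ASCII -Value "create vdisk file=`"$Vhdx`" maximum=10240 type=expandable"
diskpart /s $dp | Out-Null
Remove-Item -Path $dp
if (-not (Test-Path -Path $Vhdx)) { throw "VHDX was not created: $Vhdx" }

# Attach it, initialize as GPT, and create one NTFS volume labelled "secure".
$disk = Mount-DiskImage -ImagePath $Vhdx -PassThru | Get-DiskImage | Get-Disk
Initialize-Disk -Number $disk.Number -PartitionStyle GPT
New-Partition -DiskNumber $disk.Number -UseMaximumSize -DriveLetter $Letter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'secure' -Confirm:$false | Out-Null

# Encrypt with a password protector; the password is prompted, never stored in the script.
$pw = Read-Host -AsSecureString -Prompt 'BitLocker password for the container'
Enable-BitLocker -MountPoint "${Letter}:" -PasswordProtector -Password $pw -UsedSpaceOnly | Out-Null

# Wait for encryption to finish, then confirm protection is really on.
do {
    Start-Sleep -Seconds 2
    $blv = Get-BitLockerVolume -MountPoint "${Letter}:"
} while ($blv.VolumeStatus -eq 'EncryptionInProgress')
if ($blv.VolumeStatus -ne 'FullyEncrypted' -or $blv.ProtectionStatus -ne 'On') {
    throw "Container is not protected yet: $($blv.VolumeStatus) / $($blv.ProtectionStatus)"
}

# Detach before moving, so only the encrypted file ever enters the synced folder.
Dismount-DiskImage -ImagePath $Vhdx | Out-Null
Move-Item -Path $Vhdx -Destination $Target
```

Building the container outside the Dropbox folder and moving it only after the status check means an unencrypted or half-encrypted VHDX is never uploaded.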
1. Drag and drop a file inside the container you mounted.
2. Eject (unmount) it from your computer.
3. Let Dropbox sync.
- Every time you open and close this container, anticipate that it will sync a small amount of data.
- This is a differential sync, so instead of re-uploading the entire VHDX, it only uploads the changes.
- This is helpful under any circumstances in our scenario, whether you are only encrypting small documents or you are encrypting large archives within your container.
4. Mount the container to your PC.
If you have another PC, let Dropbox download the VHDX and mount it on that PC.
Otherwise, when the sync shows as successful, mount the VHDX back to your local machine.
Look at the contents and you will see your file(s).
Mount the container on only one computer at a time.
- It will conflict if it changes on more than one computer.
- Eject after use, or it could conflict.
- Allow Dropbox to finish uploading after use/ejecting.
Remember that you cannot access these files in any way except from a PC or software that can open an encrypted VHDX.
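The mount, use, eject routine above can be wrapped so that the container is never opened while a sync conflict is pending and is always detached afterwards. This is an added example, not from the original post; the container path and the function names `Open-Container` and `Close-Container` are assumptions, and it needs an elevated PowerShell session.

```powershell
# Added example (not from the original post). $Vhdx is an assumed path.
$Vhdx = "$env:USERPROFILE\Dropbox\secure.vhdx"

function Open-Container {
    # A Dropbox sync conflict leaves a second file whose name contains
    # "conflicted copy"; refuse to open until that has been resolved by hand.
    $dir  = Split-Path -Path $Vhdx
    $base = [IO.Path]::GetFileNameWithoutExtension($Vhdx)
    $conflicts = Get-ChildItem -Path $dir -Filter "$base*conflicted copy*"
    if ($conflicts) { throw "Sync conflict present: $($conflicts.Name -join ', ')" }

    # Refuse a double mount on this machine.
    if ((Get-DiskImage -ImagePath $Vhdx).Attached) { throw 'Container is already mounted.' }

    $disk = Mount-DiskImage -ImagePath $Vhdx -PassThru | Get-DiskImage | Get-Disk
    $part = Get-Partition -DiskNumber $disk.Number | Where-Object DriveLetter
    if (-not $part) {
        Dismount-DiskImage -ImagePath $Vhdx | Out-Null
        throw 'No drive letter was assigned to the container volume.'
    }
    $mountPoint = "$($part.DriveLetter):"
    $pw = Read-Host -AsSecureString -Prompt 'BitLocker password'
    Unlock-BitLocker -MountPoint $mountPoint -Password $pw | Out-Null
    return $mountPoint
}

function Close-Container {
    # Detaching the VHDX also locks it again (unless auto-unlock was enabled),
    # and releases the file so Dropbox can upload the changed blocks.
    Dismount-DiskImage -ImagePath $Vhdx | Out-Null
    if ((Get-DiskImage -ImagePath $Vhdx).Attached) { throw 'Container is still attached.' }
}

$drive = Open-Container
Read-Host -Prompt "Container is open at $drive. Press Enter when you are done"
Close-Container
```

The script only sees local state: it cannot tell whether another computer currently has the container open, so the one-computer-at-a-time rule still applies.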