What is Dropbox Client Side Encryption and How Does it Work

Dropbox Client Side Encryption is a feature that allows users to encrypt their files on their own devices before uploading them to Dropbox. This means that Dropbox can't access the decrypted files, only the encrypted ones.

The process starts when a user enables encryption on their Dropbox account. This creates a secure key that's stored locally on the user's device, never on Dropbox's servers.

This key is used to encrypt files before they're uploaded to Dropbox, and only the user's device can decrypt them. This keeps the files safe from unauthorized access, even if Dropbox's servers are compromised.

Dropbox Client Side Encryption supports files up to 16 GB in size and is compatible with most file types.

Dropbox has acquired key assets from Boxcryptor to add zero-knowledge encryption to its own product.

Effective immediately, no new Boxcryptor subscriptions can be purchased, but current license-holders can finish out the remainder of their contracts.

Dropbox already encrypts files with the industry-standard AES-256 cipher, but this encryption only applied to third parties - Dropbox held the necessary keys to view files stored on customer drives.

The Boxcryptor acquisition is meant to remove that possibility, providing true "zero-knowledge" encryption for Dropbox Business users.

Here are the key details about the Boxcryptor acquisition:

Dropbox is acquiring Boxcryptor's key assets, but the deal is being described as more of a partnership than a traditional acquisition.

Boxcryptor is a zero-knowledge encryption service that lets you encrypt your Dropbox files, and works with over 30 other cloud storage platforms.

Before the acquisition, users could independently encrypt their files with Boxcryptor and shop around for cloud storage, but now new users can only subscribe through Dropbox.

It's uncertain how Dropbox will integrate Boxcryptor's assets into its service, and whether it will slow down customers when they sync or share files.

Dropbox's decision to acquire Boxcryptor's key assets might change the way it approaches encryption, potentially making it more secure but also less convenient.

Dropbox is acquiring Boxcryptor's "key assets", but what does that really mean? Dropbox is a cloud storage service that allows users to store files in the cloud and retrieve them from other devices.

Dropbox's key selling point is its speed, partly enabled by its use of block-level copying to sync files between devices and the cloud.

This means Dropbox servers only sync the parts of the file that changed, as opposed to syncing the entire file every time, like Box, Google Drive, and others do.

By forgoing zero-knowledge encryption, Dropbox keeps a copy of every user's encryption key for faster access, making it more convenient but less secure.

With the acquisition of Boxcryptor, that might change, bringing a more secure option to Dropbox users.

BoxCryptor can encrypt your Dropbox files, and it works with over 30 other cloud storage platforms, including Google Drive and OneDrive.

If you encrypt your files before uploading them to the cloud, Dropbox can't read them, which means you'll miss out on the brisk speeds of block-level sync.

BoxCryptor provides a zero-knowledge service, which is a type of end-to-end encryption software that lets you encrypt your files independently.

The acquisition of Boxcryptor by Dropbox has changed how users can access the service, now requiring new users to subscribe through Dropbox.

All encryption comes with a speed cost, which is why virtual private networks slow down your internet.

Dropbox uses industry-standard 256-bit Advanced Encryption Standard (AES) encryption, making your files virtually unbreakable.

Encryption is the process of using complex algorithms to scramble data, and Dropbox employs this process at multiple stages. This means that your files are protected by a robust layer of protection, safeguarding them even if someone gains unauthorized access to Dropbox's servers.

Dropbox's encryption practices are designed to protect your data from unauthorized access, and they offer several advantages to its users, including protection from data breaches and safeguarding against unauthorized access.

Here are the key benefits of Dropbox encryption:

Dropbox's encryption practices also ensure that your files are encrypted in transit, using secure protocols like SSL/TLS, which is like building a secure tunnel for your data to travel through, shielded from prying eyes.

Dropbox Business users will have access to zero-knowledge encryption, but it doesn't cover all use cases. Anyone who just uses a Dropbox account for private storage or sharing among friends will have to accept that the company has access to their private files.

Dropbox's support staff was evasive when asked for details about the implementation features. We can't say exactly what "key assets" Dropbox has purchased from Boxcryptor.

If you're looking for more control over your data encryption, consider using client-side encryption software. This allows you to encrypt files before uploading them to Dropbox, ensuring that even Dropbox itself can't access the unencrypted version of your data.

As a Dropbox user, you're probably wondering how this new encryption feature will affect you. Dropbox's new zero-knowledge encryption only applies to Dropbox Business users, not personal accounts.

If you're a Dropbox Business user, you'll get the added security of a fully encrypted account, but if you're just using Dropbox for private storage or sharing with friends, you'll still have to accept that Dropbox has access to your files.

Dropbox's new encryption feature is a tool to "ensure customers can protect their content however they choose", but it's not clear what implementation features you'll see, since the details are still unclear.

For now, if you want to keep your files completely private, you'll need to use a third-party software like Cryptomator, which is considered the best alternative to Boxcryptor.

It's also worth noting that Dropbox's encryption has some limitations, including the fact that while your data is encrypted at rest, Dropbox theoretically has the ability to decrypt it with the necessary keys. This is something to keep in mind when deciding whether to use Dropbox for sensitive files.

If you're looking for more control over your data security, you have alternatives to consider.

One option is to use client-side encryption software, which allows you to encrypt files before uploading them to Dropbox. This ensures that even Dropbox itself cannot access the unencrypted version of your data.

Using client-side encryption software requires additional software and can introduce some complexity.

Another option is to use self-hosted cloud storage solutions, which offer complete control over data encryption. However, this requires significant technical expertise to set up and maintain.

For those who want to explore these alternatives, here are some key points to consider:

Private key management is crucial for secure cloud storage. Dropbox may use an opt-out system where your files are encrypted automatically with a private key.

Sync.com's full end-to-end encryption applies to all files on an account, both stored and in transit. This is a good example of how private key management can be done effectively.

Dropbox may charge extra for private key management, as Boxcryptor already does. This could be an additional cost for users who want enhanced security.

We don't know for sure how Dropbox will implement private key management, but it's likely to be similar to Sync.com's opt-out system. This will depend on how they balance security with classic Dropbox perks like file previewing.

Dropbox doesn't provide the option to create your own private keys, but you can still use third-party encryption apps.

These apps will remain available even after Boxcryptor fully integrates with Dropbox Business.

One option is Sookasa, an app that adds zero-knowledge encryption to cloud storage that doesn't provide it natively.

Sookasa currently only works on Dropbox and Google Drive, but it makes securing those two services easy.

To use Sookasa with Dropbox, you simply store files in the Sookasa folder within your Dropbox folder.

Files stored in the Sookasa folder remain encrypted until you decrypt them manually with the Sookasa app.

Installing Cryfs is a breeze, thanks to the installation script they provide. You can download it by running the command `$ wget -O - https://www.cryfs.org/install.sh | sudo bash` in your terminal and entering your sudo password when prompted.

This script will add Cryfs' repository to your list and install the necessary packages, including `cryfs` and `libcrypto++9v5`. If you don't want to add their repository, you can also download the `.deb` file from their download page.

To verify the installation, run the command `$ cryfs -v`. You should see output indicating that Cryfs is installed correctly.

You'll also need to create a base directory for Cryfs to store data and configurations. I use a folder named `cryfs-basedir` in my Dropbox folder, which syncs with Dropbox's server. To create this directory, run the command `$ mkdir $HOME/Dropbox/cryfs-basedir`.

This directory will store encrypted data, so it's best not to modify it manually.

To set up the mount point and password, run the command `$ cryfs $HOME/Dropbox/cryfs-basedir $HOME/cryfs-decrypted`. This command will also mount the encrypted directory.

If you answered 'n' to the question "Use default settings?", Cryfs will prompt you with options for different block sizes and block cipher algorithms.

Here's a step-by-step guide to using Cryfs:

That's it! From now on, any files you put into the encrypted folder will be encrypted, and Dropbox won't be able to access them without your password.