Using Cloud storage safely – encrypt & sync with Ubuntu

October 30, 2011

The advent of “The Cloud” has meant that there are now services available on the internet for many of the tasks which traditionally would have been tackled by systems within your company or home.

One of the most basic is the storage of files on the internet which synchronise with a folder on your computer.  Although there are many examples, I am going to use a free 5Gb Ubuntu One (U1) account to keep my secret files backed up offsite.

When it comes to backups, there are a couple of issues that need to be addressed.

  1. If you back up to an external hard drive, what happens if someone steals it?  Do they get access to your personal information?
  2. What if the house burns down? Do you lose both the original store of that information on the PC as well as the “safe” backup on the external hard drive in the same room?

I suspect that for most people the answer to both of those questions is yes.  It does not need to be, and GNU/Linux allows you to fix these issues relatively easily.  I don’t know whether it can be done on Microsoft Windows or Mac OS X; you’re on your own there. 🙂

I have a PC with Ubuntu 11.10 “Oneiric Ocelot” installed.  As usual, I have a “home” folder for my own account but because there is no encryption on those files by default, anyone who gets their hands on my PC or external hard drive can read my files.

So this is what I did…

Install the ecryptfs-utils package, together with encfs, to add an encrypted folder called “Private” under your home folder.

Open up a terminal window and execute the following command:

sudo apt-get install ecryptfs-utils encfs

Then run the following command to create the Private folder:

ecryptfs-setup-private

This will ask you for your login password/passphrase and will then create for you a mount passphrase which you should record somewhere as it is the key to decrypting your secure data in future.

(Hint: don’t just stick it in a text file in the same folder. Nature has a way to stop this sort of behaviour, a.k.a. “Natural Selection”.  You could back up the folder ~/.ecryptfs as it contains the mount passphrase wrapped up by your login password.)

At this point there is a folder called “Private” in your home folder which looks much like all the other folders.  The difference however, is that every file or folder you place in there becomes encrypted and stored in a hidden folder called “.Private” (note the initial fullstop/period in that name).

In fact, the data is ONLY stored in that .Private folder and it is your mount passphrase that decrypts it and allows you to interact with the files through the Private folder. The .Private folder is what you can safely store out on the internet because nobody can decrypt it without your mount passphrase.  What we will do next is synchronise this folder to be stored out on a cloud file storage service.  I’ve chosen Ubuntu One but you could just as easily use Dropbox.

Now this is where the fun starts…

Sign up for an Ubuntu One account, or for Dropbox (using my referral).

Ubuntu One software is already included with Ubuntu; for other services you will need to install some software, e.g. the Dropbox client software.

Launch the Ubuntu One software from the Unity launchbar on the left of your screen in Oneiric. Once you have logged in, you will see that the “Ubuntu One” folder in your Home folder is automatically synchronised.  Now I am sure that the nice people at Canonical would not sift through your files or make a technical error that allowed your files to be seen by all and sundry on the internet.  But with this approach, we don’t have to worry.

In the Ubuntu One software, you need to add the .Private folder (the one starting with the period, remember?) which contains encrypted gobbledygook so that it gets synchronised from your PC to your 5Gb Ubuntu One (U1) account. To accomplish this, right click on the folder in Nautilus (the normal file explorer in Ubuntu) and choose the menu option for Ubuntu One to “Synchronise This Folder”.

If you like, you can log in to the U1 website to check the progress of the upload.

Once that has finished synchronising, you will have your files safe and secure on the cloud in case you lose your primary source of those files.  Every time you edit one of those files or add another, they will immediately be encrypted and synchronised with that U1 account.
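A check you can run before choosing “Synchronise This Folder”, added here as an example and not part of the original post: it refuses the decrypted Private mount point and any folder that contains readable file names. It assumes filename encryption is enabled, so that every encrypted name starts with ECRYPTFS_FNEK_ENCRYPTED.; the function names and the demo data are made up for illustration.

```shell
#!/bin/sh
# Pre-sync check for an eCryptfs lower directory (added example).
# Assumption: filename encryption is on, so every entry in the lower
# directory starts with this prefix.
PREFIX='ECRYPTFS_FNEK_ENCRYPTED.'

# is_ecryptfs_mount MOUNTS_FILE DIR
# True if DIR is listed as an ecryptfs mount point in MOUNTS_FILE
# (same column layout as /proc/mounts: device, mount point, type, ...).
is_ecryptfs_mount() {
    awk -v mp="$2" '$2 == mp && $3 == "ecryptfs" { hit = 1 }
                    END { exit hit ? 0 : 1 }' "$1"
}

# list_cleartext_names DIR
# Prints every path under DIR whose name lacks the encrypted-name prefix.
list_cleartext_names() {
    find "$1" -mindepth 1 ! -name "${PREFIX}*"
}

# safe_to_sync MOUNTS_FILE DIR
# Returns 0 if DIR holds only encrypted names, 1 if DIR is the decrypted
# mount point, 2 if it contains entries with readable names.
safe_to_sync() {
    if is_ecryptfs_mount "$1" "$2"; then
        echo "REFUSE: $2 is the decrypted view" >&2
        return 1
    fi
    leaks=$(list_cleartext_names "$2")
    if [ -n "$leaks" ]; then
        printf 'REFUSE: readable names under %s:\n%s\n' "$2" "$leaks" >&2
        return 2
    fi
    return 0
}

# Demo on constructed data (not a real eCryptfs setup).
demo=$(mktemp -d)
mkdir -p "$demo/.Private/${PREFIX}FWYdir" "$demo/Private"
: > "$demo/.Private/${PREFIX}FWYfile"
printf '%s %s ecryptfs rw 0 0\n' "$demo/.Private" "$demo/Private" > "$demo/mounts"
safe_to_sync "$demo/mounts" "$demo/.Private" && echo "lower dir: ok to sync"
safe_to_sync "$demo/mounts" "$demo/Private"  || echo "upper dir: refused"
rm -rf "$demo"
```

For a real check, call safe_to_sync /proc/mounts "$HOME/.Private" while Private is mounted.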

The mount passphrase is essential in getting access to that data so DO NOT SHARE OR LOSE IT.

If you want to retrieve that data on another Ubuntu machine, then merely set up U1 as before using the same account details. You will probably need to click the checkbox in the U1 software, “Cloud Folders” tab, for the .Private folder to be downloaded to this new machine. (CAUTION: It is not necessary to perform the step earlier to create the Private folder on this second machine using ecryptfs-setup-private.  In fact, if the Private folder already exists on this second machine, don’t do this because encryption is already set up and you’re probably overwriting some other encrypted data.)

Give it some time to synchronise and run the following command in a terminal:

sudo mount -t ecryptfs ~/.Private ~/Private

Enter your mount passphrase and you should be able to see your data in the Private folder.

Some additional things to note.

If you need more than the free 5Gb, you can pay for more storage.

Software clients exist for many operating systems (Windows, Android smartphones etc) but you will need a means to decrypt the data when you want to read or edit it. This guide assumes that we are only using Ubuntu 11.10.  Hint: For Android check out the boxcryptor application with a Dropbox account as it has encfs support and is well integrated with Dropbox.  I prefer to use free software and will keep an eye out to promote an Android solution in future.

I hope this helps explain how to protect yourself from data theft or loss by using readily available cloud services.  If you require further explanation, please let me know and I will try to clarify.