1. 11

  2. 2

    I do have sensitive files on my cloud storage, and never got around to figuring out an ergonomic solution for my needs, so thanks for writing this!

    I also like the proposed solution, to use PDF encryption, but how secure is it? And can you put arbitrary files into a PDF?

    1. 2

      Although you might be able to put arbitrary files into a PDF, I’m not sure why you’d want to do that. The point of converting the images/docs to PDF is so that you can still work with them on other devices including your phone (previewing, printing) without special software.

      If you need to encrypt files that don’t need to be previewed so to speak, I would use OpenPGP as it’s very straightforward to encrypt any file.

      With how I lined out the instructions, qpdf (for Linux or Mac) you get full AES 256 bit which is good enough for top secret government data Office 2013 uses AES 128 bit which is still very good and virtually unbroken “would take billions of years to brute force on current hardware” and the newest versions of Office (2016+ AFAIK) use AES 256 bit.

      Obviously, the strength of your password plays a crucial role!

    2. 2

      I use cryfs for this, it’s a transparent fuse filesystem that maps one folder with plaintext (don’t store this in dropbox) into another folder with a bunch of cyphertext blocks (store this in dropbox).

      Doesn’t (yet) work on windows, not sure about mobile, but it’s pretty painless.

      1. 1

        Although I’d prefer having everything encrypted client-side, this would break all the Dropbox functionality on my phone – hence I went with something in between. Thanks for sharing your interesting setup!

        1. 0

          That looks incredibly painful. There’s no way it works on anything but a Linux desktop.

          1. 3

            Should work on mac to… but I live my life on linux desktops so that’s good enough for me.

            Keep in mind that the alternative we are comparing to is “manually click a bunch of buttons to encrypt a PDF for anything you want to keep secure”.

        2. 1

          Cool idea, OP. I automated your solution in a bash function.

          encrypt() {
              filename=$(basename "$file")        # get filename without path
              ext="${filename##*.}"               # get file extension
              name="${filename%.*}"               # get filename
              directory=$(dirname "$file")        # get directory path
              if [[ $# -eq 1 ]]; then
                  read -s -p "Encryption password: " filepasswd
                  qpdf --encrypt $filepasswd ' ' 256 -- "$file" "$payload"
                  echo -e "\nEncryption successful!"
                  echo "Missing parameter or wrong syntax. Needs one file name."
                  echo "encrypt file"