Android Btsync Folder Encyption

[advhound]

What are the best solutions you all have found to encrypt the folder the BTSync files are stored in? I have a good amount of files that are sensitive and I need to make them a bit more secure. I'd like something that protects well, but is not overly obtrusive or resource intensive. I am not all that familiar with the encryption world, so I am curious to hear your solutions. ES File explorer is able to encrypt the folder, but once it is decrypted, you have to manually re-encrypt the folder. I currently am encrypting my files on my Windows machine with BitLocker. Is there a encryption solution that you have used that protects the files cross-platform?

[lnh]

EDS is an Android encryption app which can be used to create and use encrypted file containers. The paid version has more features than the free, and if you're rooted you can even do more. EDS is compatible with TrueCrypt and VeraCrypt containers as well as several other formats. You do have to pay attention to the encryption and hash methods supported by EDS. Containers created by desktop software (i.e. TrueCrypt or VeraCrypt) are compatible with EDS as long as those methods are common. Not the most pretty or user friendly program you'll run into, but it does the job. The way it works is you open the encrypted container using a password and it then brings up a built-in file explorer showing what is in the container. You work on those files however you like, and then when you close the container everything is automatically buttoned back up.

 

Technically, you asked about encrypting a folder, and what I'm describing is a container file which would sit in a synced folder. BitLocker is not compatible with EDS and I'm not aware of any compatible Android solution. TrueCrypt and VeraCrypt are both available on PCs, Macs and Linux. The author(s) of TrueCrypt stopped development earlier this year, but the downloads are still available and the public audit of TrueCrypt has yet to find any show stoppers which makes it a completely unsatisfactory solution. VeraCrypt is essentially the exact same UI as TrueCrypt, but is still being actively developed. VeraCrypt and TrueCrypt containers are not compatible with each other, and I've found VeraCrypt containers noticeably slower to open on both Windows and Android vs TrueCrypt. I believe there is also an implementation of the Linux LUKS setup on both Android and Windows, but don't know much about it.

Edited November 6, 2014 by lnh

[piotrnik]

you could try enabling a whole-disc encryption for your android phone (like bitlocker on windows). I think that would be your best bet to making a sync share that is encrypted on both sides and yet still accessible and transparent to sync. 

[goli]

Hey there.

 

I prefer EncFS all over the place. It's a per-file encryption, so no need to synchronize huge containers, no need to provision huge containers just in case the data might grow and a lot easier sync since file system locks are done on a per-file level as well, where encrypted containers like TrueCrypt used to be one hold one single lock on the container until it is closed. And ontop of that you can even use the archive feature (limited by the fact that with enabled file name encryption archived files aren't that easy to match, but, well, ...) and use its benefits.

So going for EncFS makes live easier in so many areas.

 

On my Windows computer I run "BoxCryptor Classic" which basically implements a strong subset of EncFS. I tried the Windows port for EncFS (encfs4win) and used that for nearly two years, but that seemed to have stopped a couple of years ago in a pretty unstable phase. So I moved to the payed version of BoxCryptor in ordre to have encrypted fine names and I am fine since then. But make sure to use the "BoxCryptor Classic" one. The new version is *not* compatible to EncFS and thereby requires the according BoxCryptor programm on every remote host which wants to access the encrypted data. And the new version is a pay-per-year thing where the classic version is a one-time-pay.

 

On my android phone I use "Cryptonite". That just works because the "BoxCryptor Classic" data is *just EncFS* and Cryptonite is, too.

 

On a rootet android phone, "Cryptonite" can mount (!!) the encrypted share to an arbitrary folder where every other android program can access its data natively.

On non-rootet android phones you have to use the file browser integrated in Cryptonite, pick a single file and open it with the according android program.

So having root is much more convenient since it's simply 100% transparent.

 

My setup looks like this:

 

Encrypted Folder:

.encfs6.xml (file containing decryption information, required for decryption but not sufficient, you still need your password)

abcdefg (encrypted version of "Musyc"), so it contains the encrypted data of my music

hijkl (encrypted version of "Private"), so it contains the encrypted data of my private files

mnopq (encrypted version of "Business"), so it contains some encrypted work data

 

I have "abcdefg" as one btsync share. It's distributed to my personal computer, my rooted android phone.

I have "hijkl" as another btsync share, distributed to my all of my personal computers, my android phone and my work computer.

I have "mnopq" as third btsync share, distributed to my android phone and my work computer.

 

The .encfs6.xml file is not part of any share, so one essential part to decrypt data is *not* transfered to any remote host by any sync tool.

 

So when encfs runs on my personal computer, it has one decrypted folder containing Music and Private.

When encrs runs on my android phone, it has one decrypted folder containing private stuff, business stuff and music.

When encrs runs on my business computer it has one decrypted folder contianng Private and Business.

 

 

Advantages of this:

• only one password for all of thos shares
• different shares per task, distributed on different host where they are demand

 

A couple of weeks ago I switched from Samsung Galay S2 with Cyanogenmod and root to a Sony Xperia Z3 Comapct without root. So I lost the transparent decryption feature and was forced to move my music out of the encrypted share in order to make it appear in my androids music player app. But I can live with that. My personal stuff like ssh keys or Keepass database file are still inside of the encrypted folder.

 

Would be pretty awesom if Android provided API access to something like FUSE. But unfortunately I never heared of such a thing.

 

Regards,

Stephan.

[advhound]

Thank you for your input @Inh and @goli I am looking through the solutions you have recommended.

[ChrisH]

+1 for EDS.