(Data Encryption) How to Use Cryfs to Encrypt Dropbox Cloud Storage on Ubuntu 16.04 And Share Across Accounts/Machines

_(This is my first Howto blog on Steemit, please comment so I can improve my writing, thanks in advance. If you don't need to know the background, you can jump to part II, step by step how-to starts from there.)_
## Part I. Introduction
![top](http://i.imgur.com/yCnCMmV.png)
**Dropbox** is one of the oldest commercial cloud storage service providers that survived the early _**Cloud bubble**_ (we are now in the _**Blockchain bubble**_...).
######
I personally have used both Dropbox and Google Drive and chose to stick with Dropbox as my main cloud storage since Google Drive doesn't even have an official client for **Linux** (I still use Google Drive on my phone and Mac), not to mention that the native **Gvfs** implementation for Google Drive that comes with most Linux distributions is slow as hell (no disrespect to the developers, it's Google's issue).
######
Dropbox, on the other hand, has offered a Linux client from _**almost day one**_. They were also one of the first to adopt the concept of **["Referral Marketing"](https://www.blurgroup.com/blogs/marketing/how-dropbox-mastered-referral-marketing/)** and gained tremendous user growth/success with it (they used to give away up to 32 GB of referral bonus for life).
######
One of the concerns about traditional cloud storage is _**Security and Privacy**_. This is also the reason **blockchain technology** is very attractive right now thanks to its _**decentralized**_ model. 
######
Dropbox, however, still operates a _**centralized system**_ and, like most other free online storage providers, offers no _**client-side encryption**_ (Google and Dropbox both only offer server-side encryption and encrypted data transfer; **[SpiderOak](https://spideroak.com)** isn't free).
######
Compared to Google Drive, Dropbox also has a somewhat _troublesome_ security record. Wikipedia even has a dedicated entry titled **_["Criticism of Dropbox"](https://en.wikipedia.org/wiki/Criticism_of_Dropbox)_** about all the issues Dropbox has had in the past.
######
(To find out more about how Google Drive and Dropbox encrypt users' data, give this _[virtru blog](https://www.virtru.com/blog/dropbox-encryption/)_ a read.)
######
The fact is I wouldn't trust either of them when it comes to protecting my privacy; my reasons are more political than technical (NSA, _**[Snowden's comments](http://www.zdnet.com/article/after-snowden-slams-dropbox-twice-ceo-responds-its-a-trade-off/)**_, "1984"...).
##
So why do I stick with Dropbox? The main reason is its popularity. Too many friends use it, and so do lots of my clients. That is understandable: a lot of business apps have _**[better integration](https://www.dropbox.com/business/app-integrations)**_ with Dropbox, since it uses Microsoft Office Online as its online collaboration tool (the ambitious online editing tool **"Paper"** is still in open beta). Lots of small and medium-sized companies use their paid services. According to _**[this report](https://blog.cloudrail.com/cloud-storage-report-2017/)**_, although in decline, Dropbox still owns almost half of the online storage market.
######
I am in no way advertising for Dropbox here. I believe that in the future cloud storage solutions will be based on blockchain technology (**[Storj.io](https://storj.io/), [Siacoin](http://sia.tech/)**), but unfortunately, we are not there yet. Large, legit, centralized online storage providers like Google and Dropbox still have many advantages in **stability, pricing (still can be free if you don't count in the data mining they do on you)** and **maturity** in both _**user experience and business adoption rate**_.
######
However, as a _"die hard Linux fanboy"_, it is not necessary to compromise my privacy in order to keep using these centralized services. **In my opinion**, simple **client-side encryption** is sufficient for personal privacy protection, _as long as the data is encrypted before being sent to the server, and only decrypted after being pulled off the server_.
######
To achieve this goal, there are quite a few options, since _**cryptography**_ and _**data encryption technologies**_ have been around for a long time. Wikipedia has a [long list of encryption software](https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software) you can check out.
######
Since my only requirements are:

1. **_Works well with the cloud, and;_** 
2. **_Linux friendly._**

My eyes landed on two candidates, **Cryfs** and **Encfs**.
######
**[Cryfs](https://github.com/cryfs)** is a fairly new open source encryption software released under **LGPLv3**. The initial release was in 2015, and the password-based key derivation algorithm of choice is **Scrypt** (Litecoin, Dogecoin shout-out). This gives it several advantages compared to other options.
######
First of all, it was designed to _work with cloud storage_, in the developer's own words:
>"Since all of the solutions above have significant disadvantages when used with Dropbox, we developed CryFS. Like all other solutions described here, it offers a virtual filesystem and you can work with your files without thinking about the encryption that is happening in the background. While it can also be used for local encryption as an alternative to the other tools listed here, it was built specifically to be used together with Dropbox or other cloud storage providers. "

In addition to better performance with cloud storage, the software also manages to 
>"not only to keep file contents, but also file sizes, metadata and directory structure confidential."

With the default settings, Cryfs cuts all the files and metadata into small encrypted blocks of 32 KB each and then stores them using their in-house developed **"left-max-data trees"** to construct and index the file system. Such a design is, in theory, proven to have minimal space overhead and to allow fast file-system operations. The Cryfs implementation shows that such a file system is not only fast but also practical.
######
The main developer, _**Sebastian Messmer**_, published his master's thesis _["CryFS: Design and Implementation of a Provably Secure Encrypted Cloud Filesystem"](https://www.cryfs.org/cryfs_mathesis.pdf)_ to explain the design in detail; give it a read if you want to learn more about Cryfs.
######
Cryfs is currently at _beta_ stage and not all of its planned features are implemented, as stated on their [website](https://www.cryfs.org/howitworks):
>"The current version **meets all security goals** regarding confidentiality of file contents, size, metadata and directory structure. The **integrity goals** mentioned in the thesis are **not fully implemented yet**. The current version protects the encrypted blocks from being modified by an attacker, since it uses an authenticated encryption scheme like aes-256-gcm. However, it doesn't prevent an attacker yet from rolling back the filesystem by replacing blocks with an earlier valid version of the same block. This issue will be addressed in future versions."

The other drawback for me is that currently **only Linux and Mac (through _[homebrew](https://github.com/cryfs/homebrew-tap)_)** are supported. At the time this article was written (July 2017), no Windows implementation could be found.
######
**[Encfs](https://github.com/vgough/encfs)** is a much older piece of software (since 2003); because of that, it didn't follow certain rules we now see as standard in its category. It does work well with the cloud and also has much better **Windows** support (take a look at **[Safe](www.getsafe.org/about)** and **_[this question on Superuser](https://superuser.com/questions/179150/reading-an-encfs-volume-from-windows)_**). The project moved to **Github** in 2014 and is still in active development, but I wouldn't recommend it until a version 2 overhaul comes out. To find out more about _Encfs' security concerns_, I recommend reading **[this audit](https://defuse.ca/audits/encfs.htm)**.
######
Enough of the introduction, now let me demonstrate how to use Cryfs to encrypt Dropbox contents and share them across different accounts on Ubuntu 16.04.
## Part II. Install and use Cryfs with Dropbox
######
(I assume you already have Dropbox client installed and linked. If not, head to [this page](https://www.dropbox.com/install-linux) and follow the instructions to install it.)
##
**1. Install Cryfs**
######
Installation of Cryfs is very straightforward with the installation script they provide. In a terminal, run the following command and enter your sudo password when prompted:

```$ wget -O - https://www.cryfs.org/install.sh | sudo bash```

_(This script runs as root, puts Cryfs' repository into your repository list and installs two packages: cryfs and libcrypto++9v5. If you don't want to pipe a remote script into ```sudo bash``` or add their repo, you can also get the .deb file from their [download page](https://www.cryfs.org/#download).)_
######
Verify the installation with the command:

```$ cryfs -v```

You should see output like this:

![Cryfs-version](http://i.imgur.com/TSlqTE1.png)
######
**2. (optional) Back up your Dropbox folder**
######
Make sure your Dropbox folder is fully synced first!
Assuming your Dropbox folder is located at ```$HOME/Dropbox``` (the default Dropbox folder):

```$ cp -rf $HOME/Dropbox $HOME/Dropbox-backup```

If your folder is large, wait until the cp process finishes its job.
######
**3. Set up encryption directories**
######
Cryfs needs a _base directory_ to store data and configurations. You need to make one in your Dropbox folder (so it syncs with Dropbox's server); I am using a folder named ```cryfs-basedir``` in this example.

```$ mkdir $HOME/Dropbox/cryfs-basedir```

This directory will be used by Cryfs to store encrypted data, so in general, you should not modify it manually.
######
**4. Set up the mount point and password.**
######
Suppose you want to use ```cryfs-decrypted``` as the mount point:

```$ cryfs $HOME/Dropbox/cryfs-basedir $HOME/cryfs-decrypted #This command is also used to mount```

Here's another screenshot:

![cryfs-setup](http://i.imgur.com/FnvJ0Dd.png)
######
If you answer 'n' to the question "```Use default settings?```", Cryfs will prompt you with options for different block sizes (**default** _32 KB_) and block cipher algorithms (**default** _aes-256-gcm_).
######
Now the encrypted directory is mounted. You can start to move files you want to encrypt into the mounted directory.
######
**5. Encrypt your data**
######
To speed things up a little bit, I made a simple gif to demonstrate the process:

![demo](http://i.imgur.com/5DG3XCS.gif)

Here is what I did there:
######
1. _List current directory._
2. _Copy the file ```anonymous.jpg``` into the mounted container directory ```$HOME/cryfs-decrypted```._
3. _Make sure the file is copied._
4. _List the content of the encrypted directory, in this case, it's  ```$HOME/Dropbox/cryfs-basedir```.
Notice that you can see all the block directories and a binary config file ```cryfs.config``` there._
5. _Unmount the encrypted directory, with the ```-z``` option, ```fusermount``` makes sure all data has been processed before it unmounts. Notice that the mount point ```cryfs-decrypted``` is empty now._
######
That's it. From now on, for every file you put into the encrypted folder, Dropbox has no way to extract any info from it without your assistance. The encrypted directory ```cryfs-basedir``` can be mounted on any system that runs Cryfs.
######
You can set up a simple bash script that runs the Cryfs command in a terminal (to enter the password) and put it in the "Startup Applications" in order to auto-mount at login.
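
One way to write the auto-mount script mentioned above, wrapping the mount and unmount commands from steps 4 and 5 with a few safety checks. This is an added example, not part of the original post; the function names and the `CRYFS_BASEDIR`/`CRYFS_MOUNTPOINT` override variables are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: mount/unmount helper for the directory layout used in this post.
# Function names and the CRYFS_* override variables are this example's own.
BASEDIR="${CRYFS_BASEDIR:-$HOME/Dropbox/cryfs-basedir}"
MOUNTPOINT="${CRYFS_MOUNTPOINT:-$HOME/cryfs-decrypted}"

# True when a filesystem is currently mounted on the directory.
is_mounted() { mountpoint -q "$1" 2>/dev/null; }

# The base directory holds cryfs.config once the filesystem exists. If the file
# is missing (Dropbox not synced yet), the cryfs command would set up a new
# filesystem instead of mounting the existing one, so refuse to continue.
basedir_ready() { [ -d "$1" ] && [ -s "$1/cryfs.config" ]; }

# Files sitting in the unmounted mount point were written there in plaintext
# and would be hidden once the encrypted filesystem is mounted over them.
mountpoint_clean() { [ -d "$1" ] && [ -O "$1" ] && [ -z "$(ls -A "$1")" ]; }

# Prints one of: mounted | no-basedir | dirty-mountpoint | ok
preflight() {
    if is_mounted "$2"; then echo mounted
    elif ! basedir_ready "$1"; then echo no-basedir
    elif ! mountpoint_clean "$2"; then echo dirty-mountpoint
    else echo ok
    fi
}

mount_vault() {
    mkdir -p "$MOUNTPOINT" || return 1
    case "$(preflight "$BASEDIR" "$MOUNTPOINT")" in
        mounted) echo "already mounted: $MOUNTPOINT"; return 0 ;;
        no-basedir) echo "no cryfs.config in $BASEDIR; is Dropbox synced?" >&2; return 1 ;;
        dirty-mountpoint) echo "$MOUNTPOINT is not empty; move its files first" >&2; return 1 ;;
    esac
    cryfs "$BASEDIR" "$MOUNTPOINT"   # same command as step 4; asks for the password
}

unmount_vault() {
    fusermount -u -z "$MOUNTPOINT"   # the unmount from step 5 (-z = lazy unmount)
}

# Only act when called as "<script> mount" or "<script> unmount".
case "${1:-}" in
    mount) mount_vault ;;
    unmount) unmount_vault ;;
esac
```

Save it as an executable file and have the startup entry open a terminal that runs it with the `mount` argument, so Cryfs can ask for the password.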
## Part III How about GUI?
######
There are many GUI frontends that can handle Cryfs; the most popular one for both Linux and macOS right now is called **[Sirikali](https://mhogomchungu.github.io/sirikali/).** Be aware that this is just a graphical frontend. It can handle multiple encryption formats, but you _**need to have the actual encryption program (like Cryfs or Encfs) installed**_ in order for it to work.
#####
To install Sirikali on Ubuntu 16.04, type in a terminal:
```
$ sudo sh -c "echo 'deb http://download.opensuse.org/repositories/home:/obs_mhogomchungu/xUbuntu_16.04/ /' > /etc/apt/sources.list.d/sirikali.list" 
$ sudo apt-get update
$ sudo apt-get install sirikali
```
######
Here is their [repository page](https://software.opensuse.org//download.html?project=home:obs_mhogomchungu&package=sirikali) in case you need it for other distros.
######
Since I don't use it often, I just made a couple of screenshots to demonstrate how to add the encryption folder as a favorite so you can use Sirikali to automount it.
######
![sirikalisetting](http://i.imgur.com/NjalDXp.png)

First, make sure to check "**Reuse Mount Point**" in the menu; otherwise, Sirikali will complain if the mount point folder already exists (we made the folder in the last part).

Then we can add the encrypted folder as a favorite and tell Sirikali to automount it. Be careful here when entering the mount point folder: Sirikali likes to create its own mount point (```$HOME/cryfs-decrypted/cryfs-basedir``` instead of ```$HOME/cryfs-decrypted```). So make sure you edit it as shown in the next screenshot.

![Setfav](http://i.imgur.com/IyNaQC7.png)
######
After setting the favorite, you can configure Sirikali to mount/automount with various options. For more information, you can visit the project's **[Q&A page](https://github.com/mhogomchungu/sirikali/wiki/Frequently-Asked-Questions)**.

## Part IV Conclusion
######
I hope this blog can help everyone who uses Dropbox and wants better protection of his/her data in the "_Cloud_". With **Linux** and **Open Source Software**, there's always a solution. If you have any questions or suggestions, please leave a comment, I will be glad to upvote them! ^^
######
##
And
## One more thing... 
######
You can also share the encrypted folder with other Dropbox users. Normally, when you share a folder in Dropbox, both you and the person you shared it with will have the same folder downloaded locally and synced with each other. You can do the same with a _Cryfs encrypted folder_.
Just make sure the other user has the **password and Cryfs installed** on his/her machine, so he/she can properly mount it locally.