Hallo friends,
I tried to encrypt a file located in my Dropbox account. I went to File->Properties->General->Advanced->Encrypt contents to secure data.
After I did what I did, the file had a golden locker icon attached on it. I opened my other laptop and after Dropbox updated the file to its new version, I tried to open it expecting to see nothing of use. Guess what. I could read my text file crystal clear.
So what happened here? Am I doing something wrong?
EFS encrypts files as they are stored on disk (so if someone steals your disk they can't read them without knowing your password). The encryption is automatically removed if you move or copy the file to a non-encrypted folder or drive and according to The Encrypting File System | TechNet Library
I just tested on OneDrive and it does the same as you found on DropBox.EFS isn't designed to protect data while it's transferred from one system to another
If you want a second level of encryption on DropBox then you need to put your file (or folder) in an encrypted container. The easiest way would be to compress the file using 7-Zip and give it a password. I do this on both OneDrive and DropBox and it works fine as long as you only have a few files to do. If you had lots it would get rather cumbersome manually zipping/unzipping them I suppose.
There are some tools to automate this but I've not tried any of them - you could see here for some examples Top 5 Encryption tools for Dropbox, OneDrive, Google Drive | Next of Windows
As you have 10 Pro I'd recommend using bitlocker for local encryption not EFS it is safer and more secure.
See EFS, and why you shouldnt ever use it! - gHacks Tech News
and BitLocker - Turn On or Off for Operating System Drive in Windows 10 - Windows 10 Forums
And welcome to tenforums :)
Thanks for the detailed answer!
Please help be get a bit more of an understanding here. What I understand is that the file is encrypted in my disk. The Dropbox app asks from the operating system the contents of the file. The operating system detects that the user who runs the Dropbox app process has the necessary permissions, so before handing over the data to the app, it decrypts it.
If I am correct, which I might not be, this would end up with two files having the same name but different content. Wouldn't that be a problem for the Dropbox syncing process or it merely checks for same file name and date-creation/modification properties?
It's kind of not relevant with my original question but it would help me understand computers better!! :)
I'll use zip password protection. That was the method I was using so far but I always prefer using system tools if they do the job.
Thanks again!
If the user is authorized then the file will be decrypted when read from disk and encrypted when written. If the user is not authorized access will be denied so the kernel will give the file unencrypted (or not give it at all) to any process running under that user.
SourceOnly authorized users and designated data recovery agents can decrypt encrypted files. Other system accounts that have permissions for a file—even the Take Ownership permission—cannot open the file without authorization. Even the administrator account cannot open the file if that account is not designated as a data recovery agent. If an unauthorized user tries to open an encrypted file, access is denied.
No, you wouldn't get 2 files (at least not due to EFS). Either you can access the file or not.
I suppose that if you had a file in your dropbox folder that had been encrypted by another user on your local machine so your user (and the dropbox process) couldn't get access to it it might theoretically cause a problem. Dropbox would know there was a file of that name but wouldn't know any details (last modified date etc).
If there existed a file with the same name on another computer the same conflict resolution rules as normal would come into play. I'm not sure about Dropbox but OneDrive appends the machine name if it can't resolve a sync conflict.
I think you would have to try pretty hard for EFS to cause a problem with syncing - perhaps you could break it but I don't know.
The main issue is that it doesn't work for what you want as by the time dropbox (or any other process you are running) gets the file it isn't encrypted anyway.
Quote