How-To Geek

Sync Encrypted Files with Dropbox and SecretSync

Cloud storage is a must-have for any geek, and Dropbox is leading the way with its simplicity and affordable prices. With SecretSync you can take full advantage of Dropbox without giving up your privacy, because it encrypts sensitive documents for you before they are synced.

While Dropbox does store your files encrypted on their servers, users do not have access to the encryption keys, and if files are requested by government agencies, Dropbox has the ability to decrypt your information and hand over the requested files.

To protect your files from unwanted access you can use other encryption software, like TrueCrypt, to encrypt your files before they sync with Dropbox, but that is a manual process and far from ideal. SecretSync automates the process and keeps your documents protected by encrypting your files locally before they are synced to Dropbox.

What You’ll Need

To get started syncing your encrypted files you will need the following software.

You probably already have an account with Dropbox, but if you don’t, go to their site, request a free account, and install the software.

You will also need Java installed on your computer because SecretSync uses Java to encrypt your files.

Finally, you will need to request a download from SecretSync while the software is in beta.

Note: Currently SecretSync only runs on Windows, but OS X and Linux versions are coming soon.

Install SecretSync

Once everything is downloaded, make sure you have Dropbox and Java installed, and then install SecretSync.

On the first computer you will need to create a new SecretSync account. This is required because SecretSync will store your encryption keys while Dropbox will store your files. This separation allows both your keys and your files to be secure. Create an account on the first computer; on subsequent installations you will provide your credentials.

To further protect your files you can provide a passphrase that will be used in addition to the encryption key SecretSync provides. This passphrase is not recoverable, so if you lose it you may not be able to retrieve your files.
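One way a passphrase can be combined with a service-held key, as an added example that is not SecretSync's code (the page does not document its algorithm): the stored key is used as the salt for a passphrase-derived file key. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor; tune for your hardware
KEY_LEN = 32          # 256-bit file key


def new_service_key() -> bytes:
    """Random 256-bit per-account value the key service would store."""
    return secrets.token_bytes(32)


def derive_file_key(passphrase: str, service_key: bytes) -> bytes:
    """Stretch the passphrase with PBKDF2-HMAC-SHA256, salted by the service key."""
    if not passphrase:
        raise ValueError("empty passphrase: the client would add no secret")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               service_key, ITERATIONS, dklen=KEY_LEN)


def demo() -> dict:
    alice_key, bob_key = new_service_key(), new_service_key()
    phrase = "correct horse battery staple"   # constructed sample passphrase
    constant = b"constant-in-the-code"        # deterministic salt, for contrast
    first = derive_file_key(phrase, alice_key)
    return {
        # A second install with the same account and passphrase gets the same key.
        "second_install_matches": hmac.compare_digest(
            first, derive_file_key(phrase, alice_key)),
        # Holding the service key does not help without the exact passphrase.
        "wrong_passphrase_matches": hmac.compare_digest(
            first, derive_file_key(phrase + "!", alice_key)),
        # Random per-account salts: equal passphrases still give unrelated keys.
        "random_salt_collides": hmac.compare_digest(
            first, derive_file_key(phrase, bob_key)),
        # Constant salt: equal passphrases give equal keys, so one guess
        # or precomputed table works against every account at once.
        "constant_salt_collides": hmac.compare_digest(
            derive_file_key(phrase, constant), derive_file_key(phrase, constant)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this model the stored key only strengthens the passphrase; with a weak passphrase, whoever holds both the ciphertext and the stored key can still guess offline.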

Enter your Dropbox location so that the correct shortcuts can be created.

That’s it. SecretSync will create a new folder in your user folder as well as shortcuts in your Dropbox folder.

By default you will have a README.txt file in your encrypted folder. To verify that your files are being encrypted, open the README.txt file directly from within the SecretSync folder (left) and also open it from the Dropbox\.SecretSync_tunnel_Root folder (right). The copy that is being synced to Dropbox is completely unreadable because it is encrypted.
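The same check can be automated across every file in the synced folder instead of opening one by hand. This is an added example, not part of SecretSync; it flags files whose byte entropy is too low to be ciphertext, and the thresholds and function names are assumptions.

```python
import math
import os
import sys
from collections import Counter

SAMPLE_BYTES = 65536  # read at most this much of each file
MIN_BYTES = 64        # shorter samples are too small to judge
RATIO = 0.9           # assumed cut-off: fraction of the maximum possible entropy


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform)."""
    n = len(data)
    return abs(sum(c / n * math.log2(c / n) for c in Counter(data).values()))


def looks_like_plaintext(data: bytes) -> bool:
    """True when the sample is clearly less random than ciphertext would be."""
    ceiling = math.log2(min(len(data), 256))  # best case for a sample this size
    return shannon_entropy(data) < RATIO * ceiling


def find_plaintext(sync_root: str) -> list:
    """Return relative paths under sync_root whose content looks unencrypted."""
    flagged = []
    for folder, _dirs, files in os.walk(sync_root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                sample = fh.read(SAMPLE_BYTES)
            if len(sample) >= MIN_BYTES and looks_like_plaintext(sample):
                flagged.append(os.path.relpath(path, sync_root))
    return sorted(flagged)


if __name__ == "__main__":
    # Pass the synced folder, e.g. Dropbox\.SecretSync_tunnel_Root
    for rel in find_plaintext(sys.argv[1]):
        print("possible plaintext:", rel)
```

High entropy is also produced by compressed formats, so an empty result means no obvious plaintext was found, not that every file is encrypted.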

Sync Encrypted Files

On any other computer where you need your files, all you have to do is install Dropbox, Java, and SecretSync. This time when you install SecretSync, just provide your account credentials and passphrase.

The files will automatically be decrypted in your SecretSync folder. To encrypt and sync a file, just drag and drop it into the SecretSync folder, as you would with the Dropbox folder.


Justin Garrison is a Linux and HTPC enthusiast who loves to try new projects. He isn't scared of bricking a cell phone in the name of freedom.

  • Published 05/16/11

Comments (19)

  1. Roberto

    When out of beta, will secret sync be a paid or a free service?

  2. John Thomas

    You can’t loose a passphrase but you can lose it.

  3. john3347

    Does Secret Sync also work with any other online storage such as SkyDrive?

  4. Chronno S. Trigger

    From the looks of it, this program just creates a folder that it actively encrypts\decrypts. It’ll work for anything. You will need the software on any PC that you’re going to look at the folder on.

  5. Z1gguratVert1go

    I use Truecrypt with my Dropbox because I use Windows, OS X, and Ubuntu heavily (all three) and those are two tools that work perfectly on all three platforms. If this SecretSync works out I’ll be pretty excited.

  6. Skeeter

    Is there a limit as to how much data can be stored in your SecretSync folder? I heard somewhere that it can only hold up to 2GB. Is this true? I currently have a 12GB DropBox. Granted I wouldn’t want to encrypt EVERYTHING in my Dropbox folder due to the encryption overhead that would eat up otherwise perfectly usable space, but I’m very close to the 2GB mark for data that I would like to have encrypted.

  7. Ding A Ling

    Oh sure! like other digital technologies aren’t insecure enough. Now we have “cloud storage”? ARE YOU KIDDING ME?!

    This may be nice for retaining bookmarks and other insensitive info but it will be a cold day in hell when I submit any of my sensitive info to “the cloud.” It’s only a matter of time before some dumb CEO starts running the show at Dropbox and allows certain other parties access to my data. It doesn’t take a crystal ball to see what’s coming. (And don’t forget: anyone who fails to remember the past is condemned to repeat it too.)

    NO SIR! You can keep your “cloud.” You industry idiots won’t even open “the pipes” to FULL THROTTLE! So why the hell would I even think of using cloud storage? I’d have to be a real idiot to upload and download to the cloud when I’m charged extra money to not only do it but then get charged money for any extra space I might need. I mean, does anyone really have “unlimited” access to the cloud any more? Can’t you see where this is going?!

    “…Attica! Attica! Attica!”


  8. Ekim

    “On the first computer you will need to create a new SecretSync account. This is required because SecretSync will store your encryption keys while Dropbox will store your files.”

    Based on that statement I don’t see how this approach adds any real additional security. As long as the encryption keys are managed by a third party how can we trust it? (Answer: You can’t)

    Why should anyone but myself have my encryption keys? Same goes for my house keys, car keys, any keys.

  9. Sai Kishore K.

    I don’t understand why would anyone want to use this, there is already a wonderful free open source app, TrueCrypt, just for this purpose. I mean, what advantage in SecretSync can one possibly see over TrueCrypt? Moreover, SecretSync is Dropbox specific (right?), while TrueCrypt is a versatile encryption software with so many features AND with the same ease level as of SecretSync.

  10. Justin Garrison

    @Ekim SecretSync stores the encryption keys for ease of use. You can however “salt” the encryption key with your own passphrase which will then mean that you are the only one who can decrypt your files. It would be like giving someone your house key but breaking off the part of the key that goes in the lock. A round piece of metal (the start of the key) is pretty useless without the actual keyed piece.

  11. James A.

    Hi this is James from SecretSync.

    @Roberto: We intend to have a free version with some reasonable limits, and ‘for-pay’ versions available that will add some features, remove limitations, etc.

    @Ekim: Even if you don’t use a passphrase, which is optional, you’ve gained a level of privacy you didn’t have before. Dropbox stores the encrypted files but has no access to the key, and we would store the key, but have no access to your files. To continue in Justin’s analogy, it’s like we have a key but have no idea where your house might be. Dropbox might be on your property, but can’t find the key and get into your house.

    If you do use a passphrase, there is no way anyone other than yourself can decrypt your files. This is the same as simply using a client-side secret. In fact, using our key to ‘salt’ your passphrase makes your passphrase that much stronger since it’s a truly random 256-bit salt rather than a deterministic value like your username or some constant in the code.

    @Sai Kishore K: TrueCrypt is a great product, but it’s pretty intimidating for many users. SecretSync tries to be simple while solving a similar problem (in regard to Dropbox anyway). And actually, SecretSync isn’t Dropbox specific. Any sync service that installs a regular folder on your system can be used. Some of our users use SecretSync successfully with SugarSync.

  12. Skeeter

    @Sai SecretSync adds a seamless feel for Dropbox encryption where TrueCrypt is a manual process to mount the encrypted file container prior to accessing your files. SecretSync adds a SecretSync folder to your machine where you would add the files you would like to have encrypted. The files are then encrypted on your machine before they are synced with Dropbox. If you try to access your encrypted files directly from Dropbox, they will be unreadable. The only way to access your encrypted data would be to go to your SecretSync folder.

    Pros: less encryption overhead VS Truecrypt as only the files you want encrypted create the additional overhead. TrueCrypt uses encrypted file containers of a pre-determined size. So if for example you have a 1GB encrypted container but only have 500MB of data within, you are still taking up 1GB of Dropbox real estate. Also, less manual work to mount the encrypted location as you would in TrueCrypt.

    Cons: I see two. First, only the actual files are encrypted, NOT the folders or folder structure or even file names. Whereas TrueCrypt hides everything within the encrypted file container. If you can’t access the TrueCrypt container, you can’t see what’s inside. Second, (Unconfirmed-see above) I read that SecretSync is limited to a maximum 2GB of encrypted data. I’ve not been able to confirm if this is true or if it is a limitation only in place while SecretSync is in beta. At least TrueCrypt allows you to define any size for your file containers. So if you exceed the size of one, you can always create a larger one to accommodate your data.

  13. Ekim

    @Justin Garrison thanks for the reply…

    The nice thing about two-factor authentication is it requires something I know (the passphrase) and something I have (the key). If I don’t actually have the key then it’s not really two-factor (imo) and the crypto becomes much more vulnerable to brute force attacks.

    Granted, the risk is low, especially with a strong passphrase, but it would be much lower if I was allowed to manage my own keys.

    This is why most industry trusted PKI and KMS implementations leave the secret keys in the possession of the owner. SSL TLSv3, PGP/GPG, Truecrypt (when using optional keys), etc.

  14. Skeeter

    Here’s another tidbit. More food for thought if you will.

    Dropbox (or any other cloud-storage company) by themselves could, given reason, be asked by certain authorities to decrypt the data you have stored on their servers and hand it over to them. On this note, what’s stopping these same authorities from next turning over to SecretSync and asking them to hand over the information that would be needed to decrypt the data within your SecretSync folder as well?

    With that said, the only thing keeping your SecretSync data truly safe from decryption would be the passphrase you use to “salt” your security. So if you don’t set a passphrase you are, in a sense, not really doing anything to further protect your data.

  15. m.bird

    I agree with Skeeter and would like to add: how do we know that the passphrase is not stored by SecretSync also?

  16. GeezerAl

    WOW! This is really an incredible combination.
    My client previously used Folder Lock, which is good for encryption, but SecretSync automatically integrates with DropBox, is [currently] free and it adds a lot of flexibility with DropBox. Using a randomly generated password for SecretSync and a complex, long pass-phrase stored on his computer, provides plenty of security.

    My only concern right now, and I am thinking about how to implement it for my client, is backup. I think that I will have to suggest that he COPY files to SecretSync rather than move them. He uses disk imaging to accomplish the backup and if the cloud computers run into a glitch, he would be without those business-critical files.

    If anyone has a better way, please let me know.

  17. RavenRick58

    @James A is there/will there be any support for Android mobile devices?

  18. James A.

    @RavenRick58 We intend to support as many platforms as we can, and mobile is definitely a space that could use this kind of service, in our opinion anyway. I can’t give a timeline at the moment, though.

  19. Adam

    Great, now I have encrypted files on Dropbox.
    I send them to a friend using Dropbox … do they have to know my password to decrypt them?
    Secretkey should zip files so that they can use zip file decryption.
