If you end up here on this old sub-domain, please head over to niceandfocused.com.
In order to share and store sensitive data of my startup company I was searching for a cloud storage solution which offers at least 5 GB of storage for free, the data should be client-sided encrypted (which means that there is no chance for the cloud provider to access your data) and as we are using Windows 10, Ubuntu 16.04 and Mac OS in the company there must be a good client program for all of them. (Directly to: How to setup)
- Drobox for example only offers a few GB storage for free but would have client programs for all 3 operating systems (OS)
- Google Drive offers generous 15GB for free but does not offer a linux client
- I found pCloud which is supposed to be fast, offers 10GB for free (up to 20GB with invites) and offers clients for all 3 OS! Also they are one of the very few (or only?) who agree in their terms, not to use your private data (which sounds normal but you won’t find a phrase like this in the big player’s services).
So we’re trying pCloud now. We’ll write about our experience in a couple of months.¹
¹ Oct’17: Still happy with pCloud! So far: No problems, fast, no annoying pop-ups.
As for all other providers, pCloud does not offer free client-side encryption, only in paid program (which is really affordable by the way). In order to satisfy this feature-request of ours we are using the free, open-source (under MIT licence) encryption tool Cryptomator which offers clients for Windows, Linux and Mac and is easy to use.
Howto: pCloud and Cryptomator
- Register to pCloud, feel free to use my invite link ²
² This gives us both +1 GB storage on top of the 10 GB (up to 20 GB)
- Install and start their client program
- Then, create a folder inside your pCloud folder for your encryption services, in my case I use e.g. P:/.cryptomator/ (the dot in front of the folder name enables you to hide the folder in normal view, but not neccessary for non-techy users)
- Install and start the Cyptomator client program
- Create a new “vault” with Cryptomator, browse to P:/.cryptomator/ and provide a name for your vault, I use my startup-name: vaultname
- Unlock the vault by entering your encryption password (if you loose your encryption password your encrypted data is lost!)
- In order to share this encrypted folder with your collegues you need to right-click the folder P:/.cryptomator/vaultname/ and share it over pCloud with others. They need to follow these instructions here and instead of creating a new vault they “open a vault” and select the file “masterkey.cryptomator” inside the shared folder “vaultname”. You need to share your vault-password with them so that they can unlock the vault.
- You will see a new “network” drive in your file browser with the name of your vault, in my case it is also accessable under Z:/
- everything you store inside this network drive (vault) is stored in weired, encrypted files and synced via the pCloud/.cryptomator/vaultname/ folder. You can only read and write to it when it is unlocked with Cryptomator and then by accessing the network drive your vaultname (Z:)
- In order to share non-encrypted files with people outside your company who are not using Cryptomator you simply store those files inside your pCloud (P:) but outside the .cryptomator folder. This data can be read/used normally as you might now from Dropbox/Google Drive/Owncloud/OneDrive etc.
I wrote these instructions quite fast so if anything is unclear feel free to ask me, I’m happy to improve these instructions a bit with some pictures or so 🙂
Howto: Linux “symlink” for a Cryptomator “vault”
I noticed, that I can’t see the Cryptomator vaults under some circumstances, e.g. when I choose a file in the browser UI or when I am in the terminal and want to browse unto the vault.
To fix this I did the following (using Ubuntu 16.04):
- Setup webdav:
- Cryptomator > Settings (little wheel icon) > Webdav scheme => webdav
- Lock your vaults and restart Cryptomator
- Now you can create a symlink using this terminal command:
ln -s /run/user/1000/gvfs/dav\:host\=localhost\,port\=42427\,ssl\=false\,prefix\=%2FABC123-E%2Fsubfolder/ ENC_subfolder
- replace ABC123 with the folder name which is in: ls /run/user/1000/gvfs/
- replace the subfolder with the subfolder in your vault you want to link