This software enables you to transparently encrypt your Dropbox folder on your PC. It also lets you confirm the decryption operations on an Android smartphone, which is used as an NFC-enabled token. Additionally, it supports sharing files with other Dropbox users, while still encrypting the shared data.
Warning: This is just proof-of-concept code and should NOT be used in production environments.
The associated master's thesis can be found here: http://sar.informatik.hu-berlin.de/research/publications/SAR-PR-2016-01/SAR-PR-2016-01_.pdf
- Debian Jessie (32 Bit) and Android Lollipop (5.0)
To build the software, execute the following commands:
git clone https://github.com/eriknellessen/user-controlled-decryption-operations
cd user-controlled-decryption-operations
make
You can install the app using the F-Droid app, download the apk by clicking on the F-Droid badge or build the app yourself by following the instructions below.
To install the Android app on your smartphone, connect it to your PC, enable debugging and execute the following commands:
cd Android
./gradlew installDebug
We use the Android smartphone just like an NFC-enabled smartcard. So just place your smartphone on your NFC reader.
You now need to generate a key on the smartphone or push an existing key to the smartphone. Please note that the key is not saved for the next use of the app; see issue #77 of jCardSim.
You can use gpg to generate/import the key. For a tutorial on importing keys to the smartphone, see here. For a tutorial on generating a key on the smartphone, see here.
We need to configure OpenSC so that it chooses the right driver to communicate with our Android smartphone. To do so, add the following lines to the file /etc/opensc/opensc.conf:
card_drivers = openpgp-modified, internal;
card_driver openpgp-modified {
# The location of the driver library
module = /path/to/the/build/directory/lib/card-openpgp-modified.so;
}
card_atr 3b:80:80:01:01 {
driver = "openpgp-modified";
}
On a 64 Bit system, you might need to change the path from
/path/to/the/build/directory/lib/card-openpgp-modified.so
to
/path/to/the/build/directory/lib64/card-openpgp-modified.so
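A quick way to confirm that the three settings above are in place, including the lib versus lib64 module path. This is an added example and not part of the project; the function name check_opensc_conf is hypothetical.

```shell
#!/bin/sh
# Added example, not project code: check the OpenSC settings described above.
# check_opensc_conf (hypothetical name) prints each problem and returns the count.
check_opensc_conf() {
    conf=$1
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }
    # Drop comment lines so a commented-out setting does not count as present.
    active=$(grep -v '^[[:space:]]*#' "$conf" || true)

    # 1. The modified driver must be listed in card_drivers.
    if ! printf '%s\n' "$active" |
         grep -Eq '^[[:space:]]*card_drivers[[:space:]]*=.*openpgp-modified'; then
        echo "card_drivers does not list openpgp-modified"
        problems=$((problems + 1))
    fi

    # 2. The card_driver block must name a module file that exists.
    module=$(printf '%s\n' "$active" | sed -n \
        '/card_driver[[:space:]]\{1,\}openpgp-modified/,/}/s/^[[:space:]]*module[[:space:]]*=[[:space:]]*\([^;]*\);.*/\1/p' |
        tr -d '"')
    if [ -z "$module" ]; then
        echo "no module path in the card_driver openpgp-modified block"
        problems=$((problems + 1))
    elif [ ! -f "$module" ]; then
        echo "module not found: $module"
        problems=$((problems + 1))
        # On 64 Bit systems the library may be under lib64 instead of lib.
        alt=$(printf '%s\n' "$module" | sed 's#\(.*\)/lib/#\1/lib64/#')
        if [ "$alt" != "$module" ] && [ -f "$alt" ]; then
            echo "hint: found $alt"
        fi
    fi

    # 3. The ATR from the configuration must map to the modified driver.
    if ! printf '%s\n' "$active" |
         sed -n '/card_atr[[:space:]]\{1,\}3b:80:80:01:01/,/}/p' |
         grep -Eq 'driver[[:space:]]*=[[:space:]]*"?openpgp-modified'; then
        echo "ATR 3b:80:80:01:01 is not mapped to openpgp-modified"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against a file given on the command line, e.g. /etc/opensc/opensc.conf.
if [ "$#" -gt 0 ]; then
    check_opensc_conf "$1" || echo "fix the items above and run the check again"
fi
```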
This needs to be done only once. It must be done before starting the transparent client-side encryption or Dropbox.
- Create user Dropbox:
adduser Dropbox
- Install Dropbox (download *.deb from here)
- Start Dropbox as normal user, so the files are installed. When it asks for your e-mail, close Dropbox.
- Grant user Dropbox write access to your home directory, e.g. by executing
chmod 777 ~
- Execute
xhost +
(as normal user)
- Start Dropbox (as user Dropbox)
- Choose your home directory when asked where to place the Dropbox directory
- Terminate Dropbox
- Reclaim your Dropbox directory via chown
- Remove all files in Dropbox, e.g. by executing
rm -rf ./* ./.*
inside the Dropbox directory
This needs to be done before starting Dropbox.
To start the transparent client-side encryption, execute the following command:
cd encrypting-cloud-storages/build
bin/start_fuseecs.sh
This must not be done before starting the transparent client-side encryption.
We need to share our display, so the user Dropbox can use it. We then switch to the user Dropbox and start the program:
xhost +
su Dropbox
/home/user/.dropbox-dist/dropbox-lnx.$PLATFORM-$VERSION/dropbox
For sharing a folder, execute the following commands:
cd encrypting-cloud-storages/build
bin/start_share_a_folder.sh $FOLDER $OPENPGP_FINGERPRINT
For example, the commands could look like this:
cd encrypting-cloud-storages/build
bin/start_share_a_folder.sh /home/user/Dropbox/folder_to_share A6506F46
This shares the folder in a cryptographic way. Afterwards, you still have to share the folder via Dropbox.