FAQ & Troubleshooting

Boxcryptor is Using a Lot of CPU

CPU usage is completely dependent on the activity within the Boxcryptor drive. When many operations are executed within the Boxcryptor drive – such as reading and writing files – CPU usage will rise. When there is no activity in the Boxcryptor drive, there should not be any CPU usage.

However, it is possible that those activities are kind of invisible, for example when apps are running operations in the background, without the user’s interaction. A classic example for that is the indexing service of Spotlight.

Boxcryptor is Slow

An App is Slower Than Usual When Used With Boxcryptor

When an app is slower than usual when used in combination with Boxcryptor, the app might have a problem with handling Boxcryptor’s encryption. Boxcryptor simply acts as a filter, taking read and write requests from the operating system, and encrypting them on the way.

Well written apps write their files in blocks. In this case, Boxcryptor only needs to be active a few times during encryption and performance is not affected. Some apps, however, write each byte one by one. This results in many calls to Boxcryptor and leads to slower performance.

If you have trouble with one of your regular apps and performance is your priority, you could try out an alternative, to check if it can deal with Boxcryptor’s encryption better.

A Background Process is Causing High Load

Slow performance of the Boxcryptor drive might be caused by a background process performing a huge amount of file operations on the Boxcryptor drive without the user noticing. As Boxcryptor is then busy handling all the file operations of the background process, Boxcryptor has less time to handle file operations of other application and thus might feel slow. A classic example for a background service causing high load on the Boxcryptor drive is a search indexing service, e.g. Spotlight.

Anti-virus software real-time scanning incompatibilities

The real-time scanning feature of anti-virus software intercepts file operations and scans them for malware behavior. This can lead to incompatibility problems with the virtual Boxcryptor drive when the anti-virus software intercepts file operations on the virtual Boxcryptor drive as well as all file operations performed by Boxcryptor itself. This can lead to serious performance problems or even freeze the whole Boxcryptor drive.

If you encounter any problems with the Boxcryptor drive or its performance and are using an anti-virus software on your Mac, disable the real-time scanning feature or exclude the Boxcryptor drive if possible. You may also contact the support for your anti-virus software vendor and report this incompatibility so that they can fix it.

Icons or the Context Menu are Not Shown

With macOS 10.10 Yosemite Apple introduced new App Extensions to add custom functionality for example to Finder. Since version 2.3.401 (733) Boxcryptor for macOS, the integration of Boxcryptor into Finder is implemented as a Finder Sync extension as recommended by Apple. The Finder integration includes the Boxcryptor context-menu available when right-clicking a file or folder within Boxcryptor in Finder and overlay icons which reflect the encryption status of files and folders in Boxcryptor. Unfortunately, the reliability of Finder extensions in general does not always meet the expected level and it can happen that the Finder integration is missing for obscure reasons which we cannot influence and can only be fixed by Apple. In this article, we will outline some actions you can take if you should be affected by this problem.

Before digging deeper into the problem, we'd recommend to perform the following actions which might already resolve your problem:

  • Relaunch Finder: Hold down the option key and right-click the Finder icon the Dock to click Relaunch
  • Restart your Mac: Click the Apple icon in the menu bar and choose Restart.
  • Reinstall Boxcryptor: Stop Boxcryptor if it is running, download the latest version of Boxcryptor for macOS, open the Boxcryptor Installer image and copy the Boxcryptor app to your Applications folder.

If the Boxcryptor Finder integration is still missing, go to System Preferences → Extensions and verify that Boxcryptor is listed in your Finder extensions. If the Boxcryptor Finder extension is not listed at all, a general problem with Finder extensions on your Mac could be the reason. A strong indicator for this reason is also when there isn't any (Finder) extension listed at all and also Dropbox and other extensions are missing. The best advice in this case is to contact Apple support for help - but if you'd like to troubleshoot the problem yourself, here are a few things you could try:

Manually add the Boxcryptor Finder extension

Normally, macOS should automatically discover and install the Boxcryptor Finder extension when Boxcryptor is being started for the first time. In some rare cases, this is not the case and the extension is not automatically loaded. To fix this, you can try to manually add the extension by following these steps:

  1. Open the Terminal application.
  2. Execute the following command: pluginkit -a /Applications/Boxcryptor.app/Contents/PlugIns/Rednif.appex

Temporary disabling System Integrity Protection

System Integrity Protection (SIP) is an essential and important new protection mechanism introduced with macOS 10.11 El Capitan to prevent malware from tinkering with your operating system. Unfortunately, SIP also seems to sometimes break the extension system of macOS and we have seen reports where temporary disabling SIP, extensions could be loaded again and continue to load after SIP has been re-enabled. You should be really careful when modifying SIP and know the implications of your actions - information about SIP can be found here and here.

How to disable System Integrity Protection

CAUTION: We do generally not recommend to disable any system protection mechanism. Only perform these steps if you know what you do and on your own risk.

  1. Reboot your Mac and hold down Cmd+R simultaneously in order to boot into Recovery Mode.
  2. In the macOS Utilities screen, open Utilities and click Terminal.
  3. Determine the current state of SIP by entering the following command: csrutil status.
  4. Disable SIP by entering the following command: csrutil disable.
  5. Reboot your Mac and verify that extensions have been loaded
  6. Reboot your Mac into Recovery Mode again, open the Terminal and re-enable SIP by entering the following command: csrutil enable.

Reinstall macOS

We have seen reports where reinstalling macOS fixes the problem and extensions are loaded successfully again after the operating system has been set up freshly. Especially if extensions are missing in general (e.g. also the Dropbox extension is missing although it is installed), a reinstallation of macOS might be the only solution to get the extension subsystem working correctly again.

Ensure that the Boxcryptor Finder extension is enabled

5-4   Help Finder Integration Troubleshooting Extensions

If the Boxcryptor Finder extension has been loaded and is listed in System Preferences → Extensions, verify that it is enabled and that the checkbox is checked.

Avoid extension conflicts

At any given time, only a single extension can be active for a specific folder regardless how many extensions are enabled. If two extensions register for the same folder, only one of them will be available in Finder and other will be ignored depending which extension was loaded first by macOS.

Try to disable other extensions in order to find possible conflicts. We have seen reports where especially the Google Drive and Synology Cloud Station Finder extensions caused problems with other extensions.

If none of these tips help and the Boxcryptor Finder integration still does not work on your Mac, we might be able to help you if you contact us directly. But you can be sure that you are not alone and we hope that Apple will fix extensions in the future.

How to Create a Debug Log

What is a Debug Log?

A debug log captures all internal events while Boxcryptor is running. It can help us to track down issues with Boxcryptor, for example bugs and incompatibilities with other software.

Does a Debug Log Contain Sensitive Data?

When you create a debug log, sensitive user information - like password, encryption keys, or actual file content will not be logged.

Which Information Does a Debug Log Contain?

The debug log captures the following information.

  • User interaction such as button clicks and in-app navigation
  • File operations (including unencrypted filenames)
  • Current Boxcryptor settings
  • Communication with our servers and your cloud provider(s)
  • System information such as OS version or required frameworks
  • running programs

How Do I Create a Debug Log?

  • Quit Boxcryptor.
  • Open the Terminal app and execute the following command: /Applications/Boxcryptor.app/Contents/MacOS/Boxcryptor --debug
  • Reproduce all steps that lead to the unexpected behavior.
  • Quit Boxcryptor by clicking on the menu bar icon → Quit Boxcryptor.

A debug log (Boxcryptor-<Timestamp>.rawnsloggerdata) is generated and saved to ~/Library/Logs/Boxcryptor.

How Do I Access the log folder?

  • Open Finder and choose Go → Go to Folder... (Cmd+Shift+G).
  • Enter ~/Library/Logs/Boxcryptor and click on go.

What Should I Do With my Debug Log?

Use our Boxcryptor help formular to send us the file with a detailed problem description or write to our support team with the debug log attached.

As debug logs can grow pretty big pretty fast, we recommend to compress the debug log file in order to reduce its size before sending.

Additional System Information

If your system configuration matters, you can export information about it as follows:

  1. Open Spotlight → write System Information → press Enter. The system information overview opens.
  2. In the menu bar go to FileSave to export the information and send it to us additionally.

What is a FolderKey.bch?

There is a File Called FolderKey.bch in my Cloud Storage. What is This?

Boxcryptor creates a FolderKey.bch file when a folder is encrypted. It contains encryption metadata for its parent folder and helps Boxcryptor to maintain the encryption hierarchy. This file is not visible within the Boxcryptor drive.

Does it Leak Sensitive Information?

No. All sensitive data within the file is securely encrypted.

What Happens When I Lose it?

Dont't worry, you will not loose any data or access to files. All crypto-required information is stored directly within your encrypted *.bc files.

The downside of losing that file is that Boxcryptor no longer perceives the parent folder as encrypted. As a consequence, new files in this folder will not inherit the encryption properties.

I Cannot Connect to the Boxcryptor Servers

Depending on your system or network configuration, Boxcryptor may not always be able to communicate with our servers. However, there are some workarounds for the following scenarios.

Error Message: The Internet connection appears to be offline

When this error message shows, make sure that you still have internet access with Safari. Make sure that the Boxcryptor server status here returns the message OK. One possible source of error could be your proxy settings. For example, try adding api.boxcryptor.com to an exclusion list.

Warning: This is no Secure Connection

If you are in an environment that performs traffic inspection, you might not be able to connect to our servers. Examples, where traffic inspection might interfere with Boxcryptor:

  • Anti-virus solutions that protect internet traffic
  • Public hotspots
  • Company proxy servers
  • Malware

Traffic inspection, techically speaking, is a man-in-the-middle attack. Therefore, it is important to make sure your system or internet connection is not compromised. You can check the certificate information provided, by clicking advanced in the error message.

Working Offline

If you already have signed in to Boxcryptor sucessfully, you can continue offline. All files will be available. However, you will not be able to alter Boxcryptor permissions or use other online features of Boxcryptor.

Custom Certificate Validation

Advanced users who are aware of the risks have the otion to work with a custom certificate. Boxcryptor disallowes that by default, but it can be enabled by executing the following command: defaults write com.boxcryptor.osx allowCustomCertificatePinning YES

Next time an invalid certificate is detected, this custom certificate is used for server communication. If you do not want to use the certificate permanently, you can revoke it in Boxcryptor’s advanced settings.

Advanced: Provide Certificate Thumbprints

For administrative rollout that does not require any user interaction, custom certificate sha1 thumbprints can be pre-configured in the application defaults: defaults write defaults write com.boxcryptor.osx customCertificateSHA1Thumbprints "<value>"

Note: Severe SSL errors, for example caused by outdated certificates, will still prohibit Boxcryptor to use a custom certificate. A wrong system time can also lead to SSL errors.

Google Drive Troubleshooting

Encrypted file name too long

While Google Drive itself does not have a maximum file name length limit and synchronizes any file name length from a Mac to Google Drive, it restricts the maximum file name length when synchronizing a file or folder from Google Drive to a Mac.

While Google Drive Backup & Sync has a maximum file name length of 255 bytes, Google Drive File Stream allows only up to 250 bytes for a file name. If a file name exceeds these limits, Google Drive synchronizes the file but truncates the name so that it meets the limit. Please note that the length is not limited in the number of characters, but the number of bytes required by the name. One character used by Boxcryptor's file name encryption can occupy up to 4 bytes.

If an encrypted file name is truncated, Boxcryptor cannot decrypt the file name anymore because the whole encrypted file name is required for successful decryption. In this case, you must shorten the file name so that it does not exceed Google Drive's limits and is not being modified by Google Drive.

iCloud Drive Troubleshooting

I Cannot Activate the iCloud Location

Before you can activate iCloud as a location, please add iCloud in your Boxcryptor for iOS app. Upload a small dummy file so that the Apple System creates a Boxcryptor folder. Find more information on the use of iCloud here.

How Do I Uninstall Boxcryptor?

Since Boxcryptor is deeply integrated into macOS and the system does not provide any uninstall mechanism by default, follow this guide to remove Boxcryptor completly from your system.

  1. Quit Boxcryptor.
  2. Open the System Preferences → Extensions → Finder and disable Boxcryptor.
  3. Delete the following folders:
  • ~/Library/Application Support/Boxcryptor
  • ~/Library/Logs/Boxcryptor
  • /Volumes/Secomba
  1. Remove application preferences by executing the following command in the Terminal app: defaults remove com.boxcryptor.osx
  2. Open the Keychain Access app and remove all entries starting with com.boxcryptor.osx.
  3. Move Boxcryptor.app into trash.

Where can I download Boxcryptor Classic?

Boxcryptor Classic is the predecessor of Boxcryptor which has been discontinued. It is not recommended to use Boxcryptor Classic because it is not supported anymore and does not work on the latest operating system versions.

If you're an existing user of Boxcryptor Classic you can download it here and we recommend you to upgrade to Boxcryptor as soon as possible.

Download Boxcryptor Classic for Mac OS X here: https://www.boxcryptor.com/download/Boxcryptor_Classic_v1.5.415.252_Installer.dmg Supports Mac OS X 10.7, 10.8, 10.9, 10.10

If you already upgraded to Mac OS X >= 10.11 and need to decrypt your encrypted files with Boxcryptor Classic, you can download this "unofficial" version with read-only support for macOS 10.11 and 10.12: https://www.dropbox.com/s/wbrygn4x2kgzlsp/Boxcryptor_Classic_v1.5.417.253_Installer.dmg?dl=0

What happens if Boxcryptor goes out of business?

Boxcryptor has been designed in such a way that Boxcryptor continues to work even if the Boxcryptor servers are not available and you're still signed into Boxcryptor. If you want to take additional precautions for the event that the Boxcryptor servers would go permanently offline, you must have the following backups:

  • Exported key file
  • Boxcryptor installer file

When these files are available, you will always be able to access your encrypted files on your own on any supported operating system - without any connection to any server. The exported key file contains all encryption keys associated with your Boxcryptor account. Important: As new keys might be added over time by Boxcryptor's integrated key management (e.g. when sharing files with other Boxcryptor users), it is recommended to regularly export a new key file.

After installing Boxcryptor, you can use the exported key file to access your encrypted files using a local account. Learn more about exporting your keys and local accounts.

Hidden Preferences

Some preferences of Boxcryptor for macOS are not exposed in the user interface. While it is generally not recommended to modify these preferences, experienced users might want to do it to better tailor Boxcryptor for macOS to their needs.

The hidden preferences are loaded when Boxcryptor is starting. If Boxcryptor is running when you modify a hidden preference, you have to restart Boxcryptor in order for the change to be applied. Also be aware that the key is case-sensitive.

How to manage hidden preferences

Hidden preferences are stored in the standard macOS user defaults system and can be managed using the defaults command in the Terminal application. The user defaults of Boxcryptor for macOS are stored in the domain "com.boxcryptor.osx". To manage the hidden preferences, you can execute the following commands in Terminal. Please read the man pages for the defaults command to learn more about using it.

  • defaults read com.boxcryptor.osx KEY Reads the current value of KEY
  • defaults write com.boxcryptor.osx KEY VALUE Stores VALUE for KEY
  • defaults remove com.boxcryptor.osx KEY Deletes the KEY

List of hidden preferences

  • autoDetectRemovableDrives By default, Boxcryptor auto-detects removable drives and automatically adds them as locations. Set this value to "NO" in order to disable the auto-detection of removable drives. Default: YES
  • disableAccessControlLists By default, Boxcryptor supports access control lists (ACLs). Set this value to "YES" in order to disable this support if you don't need it. As getting ACLs requires additional file operations, disabling support for ACLs could slightly improve the performance of Boxcryptor. Default: NO
  • disableAliases By default, Boxcryptor creates aliases for the Boxcryptor disk in the Finder sidebar and on the Desktop if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of aliases by Boxcryptor. Default: NO
  • disableDesktopAlias By default, Boxcryptor creates an alias for the Boxcryptor disk on the Desktop if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of the Desktop alias by Boxcryptor. Note: Boxcryptor only creates the alias if Finder does not show connected servers (the Boxcryptor disk is mounted as remote disk). Please disable Finder -> Preferences -> General -> Connected servers in this case. Default: NO
  • disableSidebarAlias By default, Boxcryptor creates an alias for the Boxcryptor disk in the Finder sidebar if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of the Finder sidebar alias by Boxcryptor. Default: NO
  • disablePlainTextWarning By default, Boxcryptor will ask if you want to encrypt a file or folder if you create/copy/move it in a plaintext folder. You can disable this behaviour by setting this value to "YES". Boxcryptor will then always create plaintext files/folders in plaintext folders and not ask for encryption. Important: In this case, only files or folders created/copied/moved to already encrypted folders will be encrypted. Default: NO
  • hidePlaintextFilesFromSpotlight By default, all files and folders within the Boxcryptor disk will be indexed by Spotlight if it is enabled. By setting this value to "YES", Spotlight will see and index only encrypted files and ignore any plaintext files in the Boxcryptor disk. Default: NO
  • revertFileModificationDateOnPermissionChange When modifying permissions of encrypted files or folders, Boxcryptor will add a few seconds to the modification date so that synchronization apps can better detect and sync this change. If you do not want the modification date to change when modifying permissions in Boxcryptor, you can set this value to "YES". Boxcryptor will then revert the modification date to its original value after applying the new permissions. Default: NO

Examples

  • defaults write com.boxcryptor.osx disableAliases -bool YES Disables the automatic creation of Finder sidebar and Desktop aliases for the Boxcryptor disk.
  • defaults remove com.boxcryptor.osx disableAliases Restore the default behaviour of Boxcryptor regarding alias creation.

Outdated Clients

We regularly release new versions of Boxcryptor with new features, better stability and overall improvements and retire outdated versions over time. On September 30 2018, the following versions have been retired:

  • Boxcryptor for Windows 2.22.706 and older
  • Boxcryptor for macOS 2.19.907 and older

When you try to use a retired version, you will not be able to use Boxcryptor and receive one of the following error messages:

This client is invalid or outdated. Please upgrade to the latest version.


The client id is invalid!


This is no secure connection


The remote certificate is invalid according to the validation procedure


Boxcryptor can't establish a secure connection to the Boxcryptor server.

Solution

Download and install the latest version of Boxcryptor from here. Afterwards you will be able to continue to use Boxcryptor.

If you still see the error message This is no secure connection, the problem lies elsewhere. Check out I Cannot Connect to the Boxcryptor Servers.

Why can't I use a retired version?

As an additional security feature, Boxcryptor uses certificate pinning to defend against man-in-the-middle-attacks. By accepting only specific SSL certificates, Boxcryptor clients verify that a secure connection to our servers can be established.

The SSL certificate pinned in retired versions will be replaced on October 7th. These versions do not accept the new SSL certificate and refuse to establish a secure connection to our servers.

I am using Windows XP or Mac OS X 10.10 or earlier

Current versions of Boxcryptor require Windows 7 and later or macOS 10.11 and later. As all earlier operating system versions are not supported by Apple or Microsoft anymore, we recommend affected users to update their operating system to a newer version as soon as possible in order to stay safe.

Using unsupported operation systems poses a huge security risk. You really have to update your operating system for security-related use.

I cannot update to the latest version

Note: If you are using Windows, please look into I Cannot Update or Uninstall Boxcryptor first.

If for any reason you cannot update to the latest version and can't access your encrypted files anymore, you have the following options:

Boxcryptor Portable

Boxcryptor Portable does not require any installation and can be used to access and decrypt your encrypted files without administrator rights. Download Boxcryptor Portable here.

Key Export

You can export your keys from our server and use a local account to sign in to your outdated Boxcryptor version without requiring a connection to our servers. Learn more here.

I cannot sign in due to too many connected devices

Sign in to your account at boxcryptor.com and remove a device which is no longer needed. Then try again to sign in.