Filename Encryption with Boxcryptor
In this article, we summarize all the information about the optional encryption of folder names and filenames with Boxcryptor. We explain what it is good for, how to enable the feature, and the advantages and disadvantages of using it.
Help, My Boxcryptor Account Has Been Hacked?
Have you ever accidentally opened your Dropbox folder instead of your Boxcryptor virtual drive? It happens to us from time to time as well. However, if you suddenly see Asian characters instead of the filenames you are familiar with, this is no reason to get nervous: Instead of hackers, our filename encryption does exactly what it is supposed to do.
Boxcryptor encrypts your data as usual in the background. If you—or an unauthorized person without access rights—try to open this data without the appropriate password, you will get useless zeros and ones. However, in the free Boxcryptor plan (and by default in all other plans) the name and original file format of a document remain readable.
Filename Encryption for More Security
Often, for example when backing up automatically named photos from mobile devices, this is not much of a problem, since the data itself is protected and a simple numbering does not allow any conclusion about the specific content. In some cases, however, even the filename can provide sensitive information about a file—for example, if names or content descriptions are included. In these cases, it is recommended to activate the optional folder and filename encryption. This transforms all contents before the Boxcryptor-typical file extension (.bc) into incoherent Asian characters. This is how documents with active filename encryption look like:
Behind the use of Asian characters is the Base4K method which was developed by our own developers and which is entirely open source. It encodes the encrypted and therefore unreadable bytes of the filenames into a short, displayable form: the characters as they can be seen outside the Boxcryptor drive. For detailed information on the technical background, we have published this deep-dive article for you.
Filename encryption effectively prevents outsiders from analyzing your data structures. Nevertheless, it is not always necessary or useful. It can also cause problems when set up in some circumstances.
Advantages and Disadvantages of Filename Encryption
The advantages of encrypting folder and filenames are obvious: Outside your Boxcryptor drive, the content of files is made as unrecognizable as possible. Only metadata such as the modification date and file size remain unencrypted. But whether your file is a highly sensitive business document or a snapshot of the coffee cup at your desk, no one will know without your consent.
At the same time, the effort required for encryption increases. For technical reasons, there may be longer storage or loading times. However, this will not restrict the everyday use of your data with all programs directly from the Boxcryptor drive. On the other side, if you work in a team, there may be hurdles with filename encryption (for details see the chapter Filename Encryption of Shared Data).
How to Use Filename Encryption
The minimum requirement for using filename encryption is the Personal plan for Boxcryptor. The Free plan does not support filename encryption. Basically, filename encryption is enabled globally:
- Log in to your Boxcryptor account.
- Open the Boxcryptor settings—either by right-clicking on a file (in the Boxcryptor virtual drive) or by clicking on the Boxcryptor icon in the taskbar.
- Select “Enable filename encryption” in the “Security” tab.
The global option only affects new folders and files. Folders and files already synchronized with plain names visible will not be adjusted automatically. This is only possible manually via the context menu (right click -> Boxcryptor). If you have to set up multiple folders at the same time using the manual method, we recommend creating a new parent folder. Move all affected files and folders into it. Then activate the filename encryption for the new folder via the context menu. All subordinate data will now be adjusted. This may take some time, depending on the amount of data.
The filename encryption is also inherited like other properties of parent folders. This means that new files and folders created in a folder without name encryption will be readable with plain names even if global filename encryption is enabled. Moving files or folders without filename encryption to a folder with filename encryption enabled will apply it to the moved data. Moving files back to a location without filename encryption will keep the filename encryption active.
Even if filename encryption is enabled globally, new files created in a folder without filename encryption will not have filename encryption due to the inheritance of encryption properties.
Filename Encryption of Shared Data
Special care must be taken when encrypting the names of shared folders. For shared (e.g., team) folders, at least the highest instance should not have filename encryption. The reason for this is as follows: you share access rights to encrypted data via Boxcryptor on the one hand, but also via the cloud provider on the other. If several shared folders are now unrecognizable from outside the Boxcryptor drive, your counterpart will get something like the following information from the cloud provider:
Jane Doe has just shared 該文件是加密的如此肯定 and 這僅僅是加密的因此安全 with you.
Put yourself in the position of the person with whom you share the filename-encrypted folder. Imagine you are sharing two or more folders. How would the other person know which folder is which? Subfolders can of course still be provided with additional folder and filename encryption.
In addition, if filename encryption is enabled on the top-level folder and access permissions are changed, filename encryption changes as well. This may cause further mayhem as Dropbox, for example, changes filenames of shared (top-level) folders only locally and does not synchronize them. Changes to the permissions can subsequently lead to names that can no longer be read or decrypted.
Conclusion: An Important Decision
Using folder and filename encryption adds a lot of value in terms of security and privacy in the cloud. Nevertheless, its use should be deliberate and considered.
If you decide to use filename encryption, you should ideally do so from the start. Like the subsequent encryption of data already synchronized to the cloud, it only protects the changes made from its activation. The risk to which data that was already exposed while being stored in the cloud in plain text or with plain names can’t be reversed. The specific usage scenario must also be clear from the outset when setting up folder and filename encryption. Particularly in teams with shared folders, chaotic conditions can otherwise arise.
By the way, you can find more tips and best practices around Boxcryptor and encryption here.