- Boxcryptor is Using a Lot of CPU
- Boxcryptor is Slow
- Icons or the Context Menu are Not Shown
- How to Create a Debug Log
- What is a FolderKey.bch?
- I Cannot Connect to the Boxcryptor Servers
- Google Drive Troubleshooting
- iCloud Drive Troubleshooting
- How Do I Uninstall Boxcryptor?
- Where can I download Boxcryptor Classic?
- What happens if Boxcryptor goes out of business?
- Advanced Client Configuration
- Outdated Clients
- Cannot open some files
- Legacy System Extension
- Apple Chip-Support
FAQ & Troubleshooting
Boxcryptor is Using a Lot of CPU
CPU usage is completely dependent on the activity within the Boxcryptor drive. When many operations are executed within the Boxcryptor drive – such as reading and writing files – CPU usage will rise. When there is no activity in the Boxcryptor drive, there should not be any CPU usage.
However, it is possible that those activities are kind of invisible, for example when apps are running operations in the background, without the user’s interaction. A classic example for that is the indexing service of Spotlight.
Boxcryptor is Slow
An App is Slower Than Usual When Used With Boxcryptor
When an app is slower than usual when used in combination with Boxcryptor, the app might have a problem with handling Boxcryptor’s encryption. Boxcryptor simply acts as a filter, taking read and write requests from the operating system, and encrypting them on the way.
Well written apps write their files in blocks. In this case, Boxcryptor only needs to be active a few times during encryption and performance is not affected. Some apps, however, write each byte one by one. This results in many calls to Boxcryptor and leads to slower performance.
If you have trouble with one of your regular apps and performance is your priority, you could try out an alternative, to check if it can deal with Boxcryptor’s encryption better.
A Background Process is Causing High Load
Slow performance of the Boxcryptor drive might be caused by a background process performing a huge amount of file operations on the Boxcryptor drive without the user noticing. As Boxcryptor is then busy handling all the file operations of the background process, Boxcryptor has less time to handle file operations of other application and thus might feel slow. A classic example for a background service causing high load on the Boxcryptor drive is a search indexing service, e.g. Spotlight.
Anti-virus software real-time scanning incompatibilities
The real-time scanning feature of anti-virus software intercepts file operations and scans them for malware behavior. This can lead to incompatibility problems with the virtual Boxcryptor drive when the anti-virus software intercepts file operations on the virtual Boxcryptor drive as well as all file operations performed by Boxcryptor itself. This can lead to serious performance problems or even freeze the whole Boxcryptor drive.
If you encounter any problems with the Boxcryptor drive or its performance and are using an anti-virus software on your Mac, disable the real-time scanning feature or exclude the Boxcryptor drive if possible. You may also contact the support for your anti-virus software vendor and report this incompatibility so that they can fix it.
Icons or the Context Menu are Not Shown
With macOS 10.10 Yosemite Apple introduced new App Extensions to add custom functionality for example to Finder. Since version 2.3.401 (733) Boxcryptor for macOS, the integration of Boxcryptor into Finder is implemented as a Finder Sync extension as recommended by Apple. The Finder integration includes the Boxcryptor context-menu available when right-clicking a file or folder within Boxcryptor in Finder and overlay icons which reflect the encryption status of files and folders in Boxcryptor. Unfortunately, the reliability of Finder extensions in general does not always meet the expected level and it can happen that the Finder integration is missing for obscure reasons which we cannot influence and can only be fixed by Apple. In this article, we will outline some actions you can take if you should be affected by this problem.
Before digging deeper into the problem, we'd recommend to perform the following actions which might already resolve your problem:
- Relaunch Finder: Hold down the option key and right-click the Finder icon the Dock to click Relaunch
- Restart your Mac: Click the Apple icon in the menu bar and choose Restart.
- Reinstall Boxcryptor: Stop Boxcryptor if it is running, download the latest version of Boxcryptor for macOS, open the Boxcryptor Installer image and copy the Boxcryptor app to your Applications folder.
If the Boxcryptor Finder integration is still missing, go to System Preferences → Extensions and verify that Boxcryptor is listed in your Finder extensions. If the Boxcryptor Finder extension is not listed at all, a general problem with Finder extensions on your Mac could be the reason. A strong indicator for this reason is also when there isn't any (Finder) extension listed at all and also Dropbox and other extensions are missing. The best advice in this case is to contact Apple support for help - but if you'd like to troubleshoot the problem yourself, here are a few things you could try:
Manually add the Boxcryptor Finder extension
Normally, macOS should automatically discover and install the Boxcryptor Finder extension when Boxcryptor is being started for the first time. In some rare cases, this is not the case and the extension is not automatically loaded. To fix this, you can try to manually add the extension by following these steps:
- Open the Terminal application.
- Execute the following command:
pluginkit -a /Applications/Boxcryptor.app/Contents/PlugIns/Rednif.appex
Temporary disabling System Integrity Protection
System Integrity Protection (SIP) is an essential and important new protection mechanism introduced with macOS 10.11 El Capitan to prevent malware from tinkering with your operating system. Unfortunately, SIP also seems to sometimes break the extension system of macOS and we have seen reports where temporary disabling SIP, extensions could be loaded again and continue to load after SIP has been re-enabled. You should be really careful when modifying SIP and know the implications of your actions - information about SIP can be found here and here.
How to disable System Integrity Protection
CAUTION: We do generally not recommend to disable any system protection mechanism. Only perform these steps if you know what you do and on your own risk.
- Reboot your Mac and hold down Cmd+R simultaneously in order to boot into Recovery Mode.
- In the macOS Utilities screen, open Utilities and click Terminal.
- Determine the current state of SIP by entering the following command:
- Disable SIP by entering the following command:
- Reboot your Mac and verify that extensions have been loaded
- Reboot your Mac into Recovery Mode again, open the Terminal and re-enable SIP by entering the following command:
We have seen reports where reinstalling macOS fixes the problem and extensions are loaded successfully again after the operating system has been set up freshly. Especially if extensions are missing in general (e.g. also the Dropbox extension is missing although it is installed), a reinstallation of macOS might be the only solution to get the extension subsystem working correctly again.
Ensure that the Boxcryptor Finder extension is enabled
If the Boxcryptor Finder extension has been loaded and is listed in System Preferences → Extensions, verify that it is enabled and that the checkbox is checked.
Avoid extension conflicts
At any given time, only a single extension can be active for a specific folder regardless how many extensions are enabled. If two extensions register for the same folder, only one of them will be available in Finder and other will be ignored depending which extension was loaded first by macOS.
Try to disable other extensions in order to find possible conflicts. We have seen reports where especially the Google Drive and Synology Cloud Station Finder extensions caused problems with other extensions.
If none of these tips help and the Boxcryptor Finder integration still does not work on your Mac, we might be able to help you if you contact us directly. But you can be sure that you are not alone and we hope that Apple will fix extensions in the future.
How to Create a Debug Log
What is a Debug Log?
A debug log captures all internal events while Boxcryptor is running. It can help us to track down issues with Boxcryptor, for example bugs and incompatibilities with other software.
Does a Debug Log Contain Sensitive Data?
When you create a debug log, sensitive user information - like password, encryption keys, or actual file content will not be logged.
Which Information Does a Debug Log Contain?
The debug log captures the following information.
- User interaction such as button clicks and in-app navigation
- File operations (including unencrypted filenames)
- Current Boxcryptor settings
- Communication with our servers and your cloud provider(s)
- System information such as OS version or required frameworks
- running programs
How Do I Create a Debug Log?
- Quit Boxcryptor.
- Open the Terminal app and execute the following command:
- Reproduce all steps that lead to the unexpected behavior.
- Quit Boxcryptor by clicking on the menu bar icon → Quit Boxcryptor.
A debug log (
Boxcryptor-<Timestamp>.rawnsloggerdata) is generated and saved to ~/Library/Logs/Boxcryptor.
How Do I Access the log folder?
- Open Finder and choose Go → Go to Folder... (Cmd+Shift+G).
~/Library/Logs/Boxcryptorand click on go.
What Should I Do With my Debug Log?
As debug logs can grow pretty big pretty fast, we recommend to compress the debug log file in order to reduce its size before sending.
Additional System Information
If your system configuration matters, you can export information about it as follows:
- Open Spotlight → write
System Information→ press Enter. The system information overview opens.
- In the menu bar go to
Saveto export the information and send it to us additionally.
Log filesystem accesses before execution
What is a FolderKey.bch?
There is a File Called FolderKey.bch in my Cloud Storage. What is This?
Boxcryptor creates a FolderKey.bch file when a folder is encrypted. It contains encryption metadata for its parent folder and helps Boxcryptor to maintain the encryption hierarchy. This file is not visible within the Boxcryptor drive.
Does it Leak Sensitive Information?
The FolderKey.bch does not contain any sensitive information. Only .bc files contain sensitive information — and this only encrypted.
What Happens When I Lose it?
Dont't worry, you will not loose any data or access to files. All crypto-required information is stored directly within your encrypted *.bc files.
The downside of losing that file is that Boxcryptor no longer perceives the parent folder as encrypted. As a consequence, new files in this folder will not inherit the encryption properties.
I Cannot Connect to the Boxcryptor Servers
Depending on your system or network configuration, Boxcryptor may not always be able to communicate with our servers. However, there are some workarounds for the following scenarios.
Error Message: The Internet connection appears to be offline
When this error message shows, make sure that you still have internet access with Safari. Make sure that the Boxcryptor server status here returns the message OK. One possible source of error could be your proxy settings. For example, try adding
api.boxcryptor.com to an exclusion list.
Warning: This is no Secure Connection
If you are in an environment that performs traffic inspection, you might not be able to connect to our servers. Examples, where traffic inspection might interfere with Boxcryptor:
- Anti-virus solutions that protect internet traffic
- Public hotspots
- Company proxy servers
Traffic inspection, techically speaking, is a man-in-the-middle attack. Therefore, it is important to make sure your system or internet connection is not compromised. You can check the certificate information provided, by clicking advanced in the error message.
If you already have signed in to Boxcryptor sucessfully, you can continue offline. All files will be available. However, you will not be able to alter Boxcryptor permissions or use other online features of Boxcryptor.
Google Drive Troubleshooting
Encrypted file name too long
While Google Drive itself does not have a maximum file name length limit and synchronizes any file name length from a Mac to Google Drive, it restricts the maximum file name length when synchronizing a file or folder from Google Drive to a Mac.
While Google Drive Backup & Sync has a maximum file name length of 255 bytes, Google Drive File Stream allows only up to 250 bytes for a file name. If a file name exceeds these limits, Google Drive synchronizes the file but truncates the name so that it meets the limit. Please note that the length is not limited in the number of characters, but the number of bytes required by the name. One character used by Boxcryptor's file name encryption can occupy up to 4 bytes.
If an encrypted file name is truncated, Boxcryptor cannot decrypt the file name anymore because the whole encrypted file name is required for successful decryption. In this case, you must shorten the file name so that it does not exceed Google Drive's limits and is not being modified by Google Drive.
iCloud Drive Troubleshooting
I Cannot Activate the iCloud Location
Before you can activate iCloud as a location, please add iCloud in your Boxcryptor for iOS app. Upload a small dummy file so that the Apple System creates a Boxcryptor folder. Find more information on the use of iCloud here.
How Do I Uninstall Boxcryptor?
Since Boxcryptor is deeply integrated into macOS and the system does not provide any uninstall mechanism by default, follow this guide to remove Boxcryptor completly from your system.
- Quit Boxcryptor.
- Open the System Preferences → Extensions → Finder and disable Boxcryptor.
- Delete the following folders:
- ~/Library/Application Support/Boxcryptor
The ~/Library denotes the user library folder and NOT the system library folder.
- Remove application preferences by executing the following command in the Terminal app: defaults remove com.boxcryptor.osx
- Open the Keychain Access app and remove all entries starting with com.boxcryptor.osx.
- Move Boxcryptor.app into trash.
Where can I download Boxcryptor Classic?
Boxcryptor Classic is the predecessor of Boxcryptor which has been discontinued. It is not recommended to use Boxcryptor Classic because it is not supported anymore and does not work on the latest operating system versions.
If you’re an existing user of Boxcryptor Classic you can download it here and we recommend you to upgrade to Boxcryptor as soon as possible.
Download Boxcryptor Classic for Mac OS X here: https://www.boxcryptor.com/download/Boxcryptor_Classic_v1.5.415.252_Installer.dmg Supports Mac OS X 10.7, 10.8, 10.9, 10.10
If you already upgraded to Mac OS X >= 10.11 and need to decrypt your encrypted files with Boxcryptor Classic, you can download this “unofficial” version with read-only support for macOS 10.11 and 10.12: https://www.dropbox.com/s/wbrygn4x2kgzlsp/Boxcryptor_Classic_v1.5.417.253_Installer.dmg?dl=0
What happens if Boxcryptor goes out of business?
Boxcryptor has been designed in such a way that Boxcryptor continues to work even if the Boxcryptor servers are not available and you're still signed into Boxcryptor. If you want to take additional precautions for the event that the Boxcryptor servers would go permanently offline, you must have the following backups:
- Exported key file
- Boxcryptor installer file
When these files are available, you will always be able to access your encrypted files on your own on any supported operating system - without any connection to any server. The exported key file contains all encryption keys associated with your Boxcryptor account. Important: As new keys might be added over time by Boxcryptor's integrated key management (e.g. when sharing files with other Boxcryptor users), it is recommended to regularly export a new key file.
After installing Boxcryptor, you can use the exported key file to access your encrypted files using a local account. Learn more about exporting your keys and local accounts.
Advanced Client Configuration
Some preferences of Boxcryptor are not exposed in the user interface. While it is generally not recommended to modify these preferences, experienced users or administrators might want to do it to better tailor Boxcryptor to their needs.
The hidden preferences are loaded when Boxcryptor is starting. If Boxcryptor is running when you modify a hidden preference, you have to restart Boxcryptor in order for the change to be applied. Also be aware that the key is case-sensitive.
How to Manage Hidden Preferences
Hidden preferences are stored in the standard macOS user defaults system and can be managed using the defaults command in the Terminal application. The user defaults of Boxcryptor for macOS are stored in the domain "com.boxcryptor.osx". To manage the hidden preferences, you can execute the following commands in Terminal. Please read the man pages for the defaults command to learn more about using it.
- defaults read com.boxcryptor.osx KEY Reads the current value of KEY
- defaults write com.boxcryptor.osx KEY VALUE Stores VALUE for KEY
- defaults remove com.boxcryptor.osx KEY Deletes the KEY
List of hidden preferences
- autoDetectRemovableDrives By default, Boxcryptor auto-detects removable drives and automatically adds them as locations. Set this value to "NO" in order to disable the auto-detection of removable drives. Default: YES
- disableAccessControlLists By default, Boxcryptor supports access control lists (ACLs). Set this value to "YES" in order to disable this support if you don't need it. As getting ACLs requires additional file operations, disabling support for ACLs could slightly improve the performance of Boxcryptor. Default: NO
- disableAliases By default, Boxcryptor creates aliases for the Boxcryptor disk in the Finder sidebar and on the Desktop if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of aliases by Boxcryptor. Default: NO
- disableDesktopAlias By default, Boxcryptor creates an alias for the Boxcryptor disk on the Desktop if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of the Desktop alias by Boxcryptor. Note: Boxcryptor only creates the alias if Finder does not show connected servers (the Boxcryptor disk is mounted as remote disk). Please disable Finder -> Preferences -> General -> Connected servers in this case. Default: NO
- disableSidebarAlias By default, Boxcryptor creates an alias for the Boxcryptor disk in the Finder sidebar if Finder would not show it otherwise. Set this value to "YES" in order to disable the creation of the Finder sidebar alias by Boxcryptor. Default: NO
- disablePlainTextWarning By default, Boxcryptor will ask if you want to encrypt a file or folder if you create/copy/move it in a plaintext folder. You can disable this behaviour by setting this value to "YES". Boxcryptor will then always create plaintext files/folders in plaintext folders and not ask for encryption. Important: In this case, only files or folders created/copied/moved to already encrypted folders will be encrypted. Default: NO
- hidePlaintextFilesFromSpotlight By default, all files and folders within the Boxcryptor disk will be indexed by Spotlight if it is enabled. By setting this value to "YES", Spotlight will see and index only encrypted files and ignore any plaintext files in the Boxcryptor disk. Default: NO
- revertFileModificationDateOnPermissionChange When modifying permissions of encrypted files or folders, Boxcryptor will add a few seconds to the modification date so that synchronization apps can better detect and sync this change. If you do not want the modification date to change when modifying permissions in Boxcryptor, you can set this value to "YES". Boxcryptor will then revert the modification date to its original value after applying the new permissions. Default: NO
- eagerLogging By default, when logging is enabled, Boxcryptor logs filesystem events after being executed on the virtual Boxcryptor drive. By setting this value to "YES", Boxcryptor will also log the filesystem event prior to execution.
- defaults write com.boxcryptor.osx disableAliases -bool YES Disables the automatic creation of Finder sidebar and Desktop aliases for the Boxcryptor disk.
- defaults remove com.boxcryptor.osx disableAliases Restore the default behaviour of Boxcryptor regarding alias creation.
We regularly release new versions of Boxcryptor with new features, better stability and overall improvements and retire outdated versions over time. On September 30 2018, the following versions have been retired:
- Boxcryptor for Windows 2.22.706 and older
- Boxcryptor for macOS 2.19.907 and older
When you try to use a retired version, you will not be able to use Boxcryptor and receive one of the following error messages:
This client is invalid or outdated. Please upgrade to the latest version.
The client id is invalid!
This is no secure connection
The remote certificate is invalid according to the validation procedure
Boxcryptor can't establish a secure connection to the Boxcryptor server.
Download and install the latest version of Boxcryptor from here. Afterwards you will be able to continue to use Boxcryptor.
If you still see the error message This is no secure connection, the problem lies elsewhere. Check out I Cannot Connect to the Boxcryptor Servers.
Why can't I use a retired version?
As an additional security feature, Boxcryptor uses certificate pinning to defend against man-in-the-middle-attacks. By accepting only specific SSL certificates, Boxcryptor clients verify that a secure connection to our servers can be established.
The SSL certificate pinned in retired versions will be replaced on October 7th. These versions do not accept the new SSL certificate and refuse to establish a secure connection to our servers.
I am using Windows XP or Mac OS X 10.11 or earlier
Current versions of Boxcryptor require Windows 7 and later or macOS 10.12 and later. As all earlier operating system versions are not supported by Apple or Microsoft anymore, we recommend affected users to update their operating system to a newer version as soon as possible in order to stay safe.
Using unsupported operation systems poses a huge security risk. You really have to update your operating system for security-related use.
I cannot update to the latest version
Note: If you are using Windows, please look into I Cannot Update or Uninstall Boxcryptor first.
If for any reason you cannot update to the latest version and can't access your encrypted files anymore, you have the following options:
Boxcryptor Portable does not require any installation and can be used to access and decrypt your encrypted files without administrator rights. Download Boxcryptor Portable here.
You can export your keys from our server and use a local account to sign in to your outdated Boxcryptor version without requiring a connection to our servers. Learn more here.
I cannot sign in due to too many connected devices
Cannot open some files
There may be situations where files appear to be inaccessible. This can have multiple reasons:
Boxcryptor Access Issues
On desktop some Applications or the file browser shows a message with
Invalid parameterwhen trying to open a file.
- Boxcryptor is eventually signed-in to a wrong account. → Check the account info in the Boxcryptor settings and compare it with the Boxcryptor permissions.
- The user has no Boxcryptor permissions on the file. → Make sure the user has physical access to the shared file, has Boxcryptor permissions correctly set and the latest permission changes of the file have been synced. Learn how to set permissions here.
Filesystem Permissions Issues
Files are read-only or "permission denied" is displayed. Change files system permissions so your user can (physically) access them.
"Bad padding" issues, empty physical files or inaccessible folders due to an empty
File open shows "Found invalid data while decoding" and the .bc file is empty.
Folder cannot be opened "Found invalid data while decoding." is displayed in the permission settings.
There has been an incompatibility with Dropbox in the past that could create "broken" content for smaller files because Dropbox did not sync the last file change.
- restore an older version of the corrupted file via the file history of your cloud storage provider.
- for folder issues, delete the empty
Folderkey.bchfile and re-encrypt the folder.
Legacy System Extension
System extensions have been used for many years to extend the functionality of macOS. In order to improve security, stability and reliability of macOS, Apple is currently working on modern alternatives to system extensions in future versions of macOS.
Boxcryptor uses a system extension to provide the virtual Boxcryptor drive. Therefore, you may receive a "Legacy System Extension" message when Boxcryptor starts for the first time and periodically when it is running beginning with macOS 10.15.4 (Catalina).
We are aware of this message and Apple's transition away from system extensions in macOS. We will be ready to comply with Apple's future requirements in time.
Until then, you can ignore this message and safely close the window. Boxcryptor will continue working in macOS without any issues. More information can be found here.
On November 10, 2020, Apple revealed new Mac hardware with the revolutionary Apple Silicon M1 processors which are available since November 17. Boxcryptor has been adapted to run natively on the new processor architecture with the maximum performance and battery life.
Boxcryptor natively supports the new Apple Silicon Macs since version 2.39.1119 released on December 18, 2020.
Enable System Extensions
Enabling system extensions is a hard requirement to use Boxcryptor on Apple Silicon Macs and Boxcryptor will not work otherwise.
Apple is further locking down macOS in Apple Silicon Macs where 3rd party kernel extensions are disabled by default. Boxcryptor uses a kernel extension to provide the virtual Boxcryptor disk and integrate in macOS' file system for the best user experience. Only a kernel extension can offer this tight integration into macOS at the moment.
In order to use 3rd party kernel extensions on Apple Silicon Macs, users must enable system extensions by changing their Mac's Security Policy to Reduced Security and allow user management of kernel extensions from identified developers. Despite the dramatic name, Reduced Security still offers best-in-class security for every Mac:
In Full Security, only the latest Apple approved and signed version of macOS can be installed. When (re-)installing macOS, your Mac connects to Apple's servers and checks if the macOS version is allowed to be installed. Apple can remotely prevent the installation of a macOS version.
In Reduced Security, only Apple approved and signed versions of macOS can be installed. In contrast to Full Security this includes not only the latest, but also previous versions of macOS. No connection to Apple's servers is required and Apple cannot remotely prevent the installation of a macOS version.
Similar, allowing user management of kernel extensions from identified developers does not inheritly weaken the security of your Mac. Kernel extensions are still blocked by default and every kernel extension must explicitly be approved by a user with administrator rights before it can be loaded. Additionally, kernel extensions must be signed and notarized by Apple approved and accredited developers.
You will automatically be prompted to enable system extension when running Boxcryptor for the first time on an Apple Silicon Mac if required. In this case open System Preferences -> Security & Privacy and follow the provided instructions.
Alternatively, you can enable system extensions by following these steps as documented by Apple:
- Reboot your Mac into Recovery Mode
- Open Utilities -> Startup Security Utility
- Select and unlock your system volume and click Security Policy...
- Choose Reduced Security
- Enable Allow user management of kernel extensions from identified developers
- Click OK and confirm the action by entering your administrator credentials
- Restart your Mac
Allow Boxcryptor System Extension
Allowing the Boxcryptor system extension is a hard requirement to use Boxcryptor and Boxcryptor will not work otherwise.
The Boxcryptor kernel extension is blocked by default and must be allowed by a user with administrator rights before it can be loaded. You will automatically be prompted to allow the Boxcryptor system extension when running for the first time if required. In this case open System Preferences -> Security & Privacy and follow the provided instructions.
Note: Benjamin Fleischer is the maintainer of the open source kernel extension used by Boxcryptor.