Thursday, January 24, 2013

Secure Cloud Storage

SkyDrive is great for synchronising my documents between my home and work PCs, but I don’t trust it (or anything else) enough to hold my passwords, bank account details, etc. without some additional encryption.

I first tried using the Encrypting File System (EFS) that is built into Windows 7, but it encrypts at the volume level – the data are decrypted when Windows applications access them. The SkyDrive client is a Windows application, so it sees the decrypted files and pushes them to the cloud. Not what I wanted.

TrueCrypt is an open source encryption system. It can, amongst other things, create an encrypted container (such as a file) and present this to Windows as another volume. I created one of these and put it into my SkyDrive folder so it synchronises the encrypted file up to the cloud.

First I needed to unset TrueCrypt’s Settings > Preferences > “Preserve modification timestamp of file contents”, which is on by default. The SkyDrive client uses these timestamps to tell whether things have changed, so if TrueCrypt doesn’t change the timestamp, SkyDrive won’t sync the container.

Also, SkyDrive isn’t yet clever enough to detect partial file changes, so any change to my encrypted files causes the entire container file to resync once it is dismounted. I initially tried a 1 GB container, but this takes ages to sync. I abandoned that and used a smaller one (10 MB) instead. I’m told that Dropbox only syncs changes, so it would be a better choice here. Hopefully SkyDrive will catch up soon.
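The two sync behaviours described above, as an added example that is not part of the original post and is not SkyDrive or TrueCrypt code: a client that compares only size and modification time misses an in-place change when the timestamp is preserved, while a block-by-block comparison shows how little of the container actually changed. The file name, the 4 KiB block size and all function names are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed block size for the delta comparison


def snapshot(path):
    """Record what a metadata-based sync client remembers: size and mtime."""
    st = os.stat(path)
    return (st.st_size, st.st_mtime_ns)


def block_hashes(path, block=BLOCK):
    """Hash the file block by block, as a delta-aware client would."""
    with open(path, "rb") as f:
        return [hashlib.sha256(chunk).hexdigest()
                for chunk in iter(lambda: f.read(block), b"")]


def write_in_place(path, offset, data, preserve_mtime):
    """Overwrite bytes inside a fixed-size container, optionally restoring timestamps."""
    st = os.stat(path)
    with open(path, "r+b") as f:
        f.seek(offset)
        f.write(data)
    if preserve_mtime:
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))


def demo(preserve_mtime):
    """Return (metadata_detects_change, changed_blocks, total_blocks)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "container.tc")  # constructed stand-in for a container file
        with open(path, "wb") as f:
            f.write(os.urandom(256 * BLOCK))     # 1 MiB of random bytes, like ciphertext
        # Back-date the file so a fresh write always produces a different mtime.
        os.utime(path, ns=(snapshot(path)[1] - 10**10,) * 2)
        before_meta, before_blocks = snapshot(path), block_hashes(path)
        write_in_place(path, 10 * BLOCK, os.urandom(BLOCK), preserve_mtime)
        after_blocks = block_hashes(path)
        changed = sum(a != b for a, b in zip(before_blocks, after_blocks))
        return snapshot(path) != before_meta, changed, len(after_blocks)


if __name__ == "__main__":
    for preserve in (True, False):
        print("preserve timestamps:", preserve, "->", demo(preserve))
```

With timestamps preserved the metadata check reports no change even though one block differs; in both runs only 1 of 256 blocks would need uploading by a client that syncs changes only.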

The obvious downside to this is that you need TrueCrypt installed to decrypt the data before accessing it, which means you can’t access the files from Surface, Windows Phone 7.5 or skydrive.live.com.

At the time of writing I was using SkyDrive 2012 (build 17.0.2003.112) and TrueCrypt 7.1a (7 Feb 2012).
