You’ve encrypted the files on your hard drive,
but what about your backups? By default, backup
tools store your files unencrypted on a local or
network drive, which is fine if the drives have been
encrypted with VeraCrypt or BitLocker, but what if
you just want the backups to be encrypted; perhaps
you’d like to store them securely in the cloud?
The answer lies with the free and open-source
backup tool Duplicati, currently in beta (www.
duplicati.com). This has been engineered like
Cryptomator for the cloud, but specializes in file-
based backups. After downloading and installing,
let Duplicati launch—configuration is done through
a browser window. Click “Add backup” to work your
way through the backup wizard. You’re prompted
to set your encryption level (the default AES-256 is
more than adequate) and passphrase at the start.
Next, select your destination. You can back up
locally or directly to a range of cloud providers—
Google Drive, OneDrive (choose the v2 option),
Dropbox, and so on). If yours isn’t listed, choose
your cloud provider’s local folder, and let its native
app sync the backup files after it’s been taken.
From here, select which files and folders to
upload, set a schedule for updating the backup, and
choose how many backups to retain. Click “Save,”
then opt to run the backup now. A progress meter
shows how far it’s got—look at the throttle button if
the uploading impacts your Internet performance.
When it comes to recovering files, select
“Restore,” and follow the wizard—you can recover
individual files as well as older versions of a file.ENCRYPT BACKUPS
IN THE CLOUD
for example—adopt this “no
knowledge” policy, but others don’t.
You don’t need to switch
cloud provider to get this kind of
protection; instead, add your own
layer of encryption to critical files,
with keys not shared with anyone
else. An open-source encryption
tool designed for cloud-based
storage is Cryptomator (https://
cryptomator.org), which works with
any cloud provider from OneDrive
to Dropbox. The principle is
identical to VeraCrypt: You create a
password-protected virtual drive—
or vault—inside which your sensitive
files are stored. The key difference
is that Cryptomator encrypts files
and folders individually, rather
than as part of a larger file, so
changes are smaller and quicker to
upload and download.
Create a Cryptomator container
To s t ar t, go to http://www.cryptomator.
org/downloads and click “Download
64 Bit.” Once saved to your hard
drive, double-click the setup file,
and follow the install prompts,
making sure you install the “Dokan
File System Driver” when asked.
Reboot if prompted.
Open Cryptomator via the Search
box or Start menu, then enable
the integrated update check when
prompted to ensure Cryptomator
stays up to date. Click the “+” button
and choose ‘“Create New Vault.”
Navigate to your cloud folder, give
your vault a suitable name (this will
be the name of the folder containing
your encrypted files on the drive,
so don’t make it too obvious), and
click “Save.”
You’re prompted to create a
password to protect the vault and
access it from other computers or
mobile devices. We recommend
generating a long random one using
your password manager (store the
password as a secure note). Once
entered and safely recorded, click
“Create Vault.”
Click “More Options” to save
the password and automatically
mount the drive at startup (only
recommended on a secure PC). You
can also change the drive name and
choose a drive letter. Then enter your
password and click “Unlock Vault.”
A new Explorer window eventually
opens, pointing to your new virtual
drive (it’s also accessible via “This
PC” under “Network locations”)—
simply copy or save files in here, and
they’re encrypted securely before
being uploaded to the cloud.
When done, you can leave the
drive unlocked until you shut
down your PC or—if security is an
issue—open the main window and
click “Lock Vault” to close it down
(enter your password and click
“Unlock Vault” to bring it back
later if you need to).
You can access your cloud-hosted
vault from other computers by
installing Cryptomator on there and
choosing “Open existing vault.” There
are even paid-for apps for Android or
Apple phones if you need to upload
sensitive files while on the road.Shortcomings
Our main gripe with Cryptomator is
that its presence can’t be hidden—
and, in fact, is blindingly obvious to
any hacker combing through your
folders. That’s because its master key
is visible inside the folder containing
your encrypted data (even the
name—masterkey.cryptomator—
isn’t subtle). This highlights the need
to keep an independent backup of anyStrengthen your Cryptomator vault by using a randomly generated password.data stored in a Cryptomator vault
in case these key files are damaged
or lost.
If that’s a deal-breaker, consider
switching back to VeraCrypt, but
minimize the size of your vault (make
multiple smaller vaults, rather than
one large one). This helps reduce
the amount of bandwidth used
when uploading and downloading
changes to encrypted files. Another
approach is to use cloud storage
for encrypted file and image-based
backups (see box above).maximumpc.com MAR 2020 MAXIMUMPC 41