Link to home
Start Free TrialLog in
Avatar of Michael Murphy
Michael MurphyFlag for Ireland

asked on

Encryption of Files stored on OneDrive. what works best and how to do

I want to encrypt dome documents I am storing in OneDrive. These are not ultra sensitive documents  but some are academic and I would like to keep them private What would you Advise?

My O.S. is Windows 10.  OneDrive sync client version
Avatar of noci
noci

use 7zip or winzip and password encrypt the files before uploading them.
modern version should use aes to encrypt.

gnupg or pgp  are also useful tools
for small files, make a versacrypt container and use that to hold them, put the file in onedrive. make sure to change the defaults so the file modified time changes. con: will only work from computers with versacrypt, so no access via the onedrive app on your cell.
Avatar of Michael Murphy

ASKER

I already have these files stored in OneDrive. Can I encrypt them within the program or must I extract them and encrypt before syncing to OneDrive?
SOLUTION
Avatar of Aaron Tomosky
Aaron Tomosky
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Also possible: EFS. Introduction: https://technet.microsoft.com/en-us/library/cc962121.aspx
Anyway: backup your encryption keys - for EFS, that would be a certificate.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I already have these files stored in OneDrive. Can I encrypt them within the program or must I extract them and encrypt before syncing to OneDrive?
You should remove from OneDrive >>> Encrypt them locally >>>> Backup the encrypted files.

Another one worth looking at .... https://www.boxcryptor.com
Right. I decided to install AES encruption. I downloaded a Guide to installation.
 I downloaded the AES  file.  I clicked on the Aescrypt.msi file and it ran, installing successfully. I then clicked on  the setup.exe file. It ran so far. Then it told me I had a conflict that a more recent version Microsoft Visual ++  2010 was installed on my system.  I then removed this from programs.
I started again and when I ran setup.exe it appeared to work. But at the end I was told that there was an error: this was the message:
Unable to locate application file 'AESCrypt.msi'.
The following components were successfully installed:
- Visual C++ 2010 Runtime Libraries (x64)
See the setup log file located at 'C:\Users\smarc\AppData\Local\Temp\VSD71C0.tmp\install.log' for more information.
 I tried to encrypt a Word file. I clicked on the encrypt option and filled in a password and it appeared to work. However when I tested  to unencrypt the file and entered my password I was told that although the file was there it could not be unencrypted.
What to do?
(P.S. I tried this on two computers - same result with each).
Use EFS.
So, am trying to set up EFS. Got step by step guide.
The First instruction is: 'Log in to the Client01 using domain user account (Btech\Darshana).

Am stumped. How do I do this?

I put the question to Internet and got this Youtube Video.
https://www.youtube.com/watch?v=N8_WnLedJRU
But when I tried to open it all I got was a blank black screen.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I created a file and put some text in it. Called Test File.docx
I right clicked on it and checked 'Encrypt contents .....'. Now a yellow padlock appears on the file icon. I click on the file expecting to be asked for the encryption key. But the File opens without it.
I try another file. The yellow padlock appears, but the file is not encrypted.
Remember that in my first comment I linked something? Read it, please, it explains why what you see is normal and expected. For a test, please logon as another user and try to open that file.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
"So with EFS the key is stored on the system somewhere, retrievable by the user..., sysadmin..." - the sysadmin is always in charge. You feel you can hide things from the sysadmin? What if he deploys a keylogger? Any solution is unsafe against other admins on the same system.
"...whoever knows where to look." - no, other users cannot get the key since they cannot access certificates of other users.
Any solution is unsafe against other admins on the same system.
 That is where cloud systems fail.
In the AES method the key can be kept somehere else eand only the crypted text is sent around..

Remember the Cablegate?    images of the AESencrypted collection were sent all over the net.  The key  was only sent to specific parties.
Cannot get anywhere and am very frustrated. Decided Veracrypt would be best for me. Downloaded Verscrypt and 'Beginner's Tutorial: 'How to CREATE and USE VERACRYPT.
Went through all the steps until the one to Mount the Volume. Told I could not because I did not have Administrator Privileges. So logged in as Administrator and went through all the steps, finally being told that I had Mounted the Volume successful.

What comes next: I want to put files into the Container, and then only to access them by using the password (which opens the encrypted Container). Cannot succeed in doing this.
I locate the container file using search. I click on it to open it, but cannot. I go to THIS PC, see the Drive which I nominated (M) click on it, see the container. I am able to transfer files into the container (not asked for password). Later I want to test that the container is encrypted. so I again go to THIS PC, click on the Drive. It opens, showing the container. When I click on the Container the files which I put there appear, and they open when I click on them. Where is the Encryption?

Furthermore when I close down my Computer and restart it, and go to THIS PC  I find that the Drive M in which the container was mounted, has disappeared. What to do?
If you could tell me what speaks against EFS, I would be happy to assist.
When I close down my Computer and restart it, and go to THIS PC  I find that the Drive M in which the container was mounted, has disappeared
That's exactly as it should be. At this point in time your files are excrypted within the container.

Double click on your container .... enter password ..... Drive M should appear.

The contents of your container are now decrypted and available on M:.

Dismount the container to encrypt the contents. Drive M should dissappear.
When I double click on my container I do not get asked for password. Instead I am asked 'How do you want to open the file?
I am attaching a screenshot of this. (the container is named :'My Container'.)  Clearly I am doing something wrong.
Sreenshot-1.png
Am trying EFS again in response to McKnife above.
I find that when I reach the point when I am to click the box opposite:  'Encrypt Contents to Secure Date', that line is blanked out. I can see it but cant click on it.
I  then ran the laptop  as Administrator. Same result. Same result too for several different files (all created with Word 2013 (docx files).
My OS is Windows 10 Home (2017)
The home edition does not support EFS, so it's out unless you are willing to pay for a windows version upgrade.
When I double click on my container I do not get asked for password. Instead I am asked 'How do you want to open the file?
That sometimes happens with windows10 the first time you open a certain file type. Just choose veracrypt as the program to open the file and tick the ALWAYS OPEN WITH option.  Windows will not ask you again, once you have set the default program for Veracrypt Containers.

Note: If Veracrypt  is not listed as a program choice, you will have to "browse" to it.
For McKnife.
I I found a PC I use has Windows 10 pro. I tried to encrypt a file using this.  

Right Click on file, Properties/ Advanced.   As you indicated the the line 'Encrypt Contents to Secure Date', is NOT blanked out, indicating EFS is installed.
I tick this option. Then given choice to encrypt either 'file' or 'folder' I select  to encrypt the file, not the folder.
 I click 'apply' and 'ok'.
 I click on 'details' and see thumb certificate (
something like B(CD7B28333...)
What more should I be doing, as when I reach this  stage I thought the file would be encrypted. However it is not encrypted. When I click on the file it opens straight. When I reboot the PC  the file is still not encrypted.
It is encrypted to a certificate that belongs to your user, which means, it automatically unlocks when your user tries to open the file. That is how EFS works, nice and easy. Now try top open it as another user (copy it to a public folder) to verify.
Thanks for that. I logged in as Administrator and could not open the file.  Thanks for putting me right on this. Much appreciated. Am a pensioner and brain cells are not  what they used to be. But I will now be able to do what I want with regard to encrypting files.
Now I can encrypt documents / files using EFS, but I still want to also use VeraCrypt. I went through the instructions  (Beginner's Tutorial - How to CREATE and USE a Veracrypt). I think I am find as far as the point when I receive the message that 'you have successfully created a VeraCrypt volume.'  I may be going wrong in the next steps.  STEP 10 tells me to select a drive from the list of Drives.  I select M.  It also tells me to 'Click Select File ... the standard file selector window should appear'. It does appear and I see the container.  STEP 11 tells me to 'Select the Container File' and click 'open'.  I do this. STEP 12 Says: 'In main VeraCrypt window, click "Mount". Password prompt dialog window appears'.  I do this and the dialog window appears.  STEP 13 says:  'type the password ( which you specified in Step 10).  But I did not specifiy a 'password' in STEP 10. I entered a password in STEP 8 (The Volume Password). I enter the Volume password and VeraCrypt does not object. I click OK. I am told that the Volume has been successfully Mounted as a virtual disk M.

Any what happens now is I go to My PC, locate the M drive. Click on it and open the Container. I put a Word file into this Container.
The container is supposed to be encrypted. However when I sign on as a different user (as Administrator), and locate the container, the Container is not encrypted and I can access and open the Word File.
Normal and expected.

You need to dismount the volume to protect it from other users on the same machine.
Eureka. I understand how it works now. Really must thank you for staying with me on this and guiding me. Much appreciated.
Got there in the end. Thanks to all
Fine. Now focus on backups of encryption keys and practice recovery at least once.