Ikeda

@iamikeda

Password Protect Sensitive Dropbox/Google Drive/iCloud/OneDrive Files

February 4th 2018

…And still have access to them on your phone.

The year is 2020 —Dropbox finds evidence that some of their core infrastructure has been compromised. Unauthorized persons have gotten access to millions of user’s files.

You get a collection letter in the mail from a crypto exchange you’ve never heard of claiming margin trading has put you in the red for $300,000. You get a phone call from the FTC and they inform you that they suspect your identity has been stolen. Your life suddenly spirals out of control as your identity has been commoditized and sold on the dark web.

Rewind. What could you have done to prevent this?

Having access to tax returns, credit reports, ID scans etc. anywhere is undeniably convenient. Dropbox has saved me countless trips back home just to retrieve my passport, for instance, when working with official matters. It also serves as backup storage. On the other hand, it can be dangerous — considering if someone gained access to your device, they have a nicely bundled treasure trove of your personal data to work with.

If you have certain extra-sensitive files on your cloud storage or just in plain local storage, you might want to add an extra layer of security to just those certain files.

Encrypting the files on your end ensures your cloud provider can’t peep in your files even if they wanted to.

Best of all, you can still have convenient access to the documents and photos on mobile with the setup described below.

The hard way: use symmetric PGP encryption.

OpenPGP is a widely accepted standard and fits the bill for generic file encryption.

Unfortunately, PGP decryption is not something built into our phones. Which means to do the decrypt files on our phone later, we would need to install specialized apps.

I won’t go into gross detail on how to use PGP encryption and instead we’ll dive into an alternative simpler approach that most likely wont require installing anything additional.

A better way: PDF encryption.

A method that will work more universally without specialized apps, is password-protected PDFs.

A PDF can hold anything you like: documents, pictures, scans whatever — and it’s a format that both Androids and iPhones handle natively, even in encrypted form with a password.

Once you convert your most sensitive documents to PDF and password protect them, you will be prompted on your phone for the password to open them.

Voilà.

This is how it will look when you access a password protected PDF in Dropbox on iOS (on Android the experience parallels).

A healthy dose of peace of mind, in exchange for a sliver less of convenience!

Via Command Line (Mac/Linux)

Mac pre-requisites

$ brew install qpdf imagemagick

Linux pre-requisites

(make sure qpdf and ImageMagickare installed)

Linux/Mac instructions

  1. To convert an image (using ImageMagick)
$ convert in.jpg out.pdf

2. To encrypt (user-password is the important one for viewing/opening the PDF, owner-password can be left blank)

$ cat encrypt_params
--encrypt
user-password
owner-password
256
--

(qpdf > v7)

$ qpdf @encrypt_params in.pdf out.pdf

(qpdf < v7, not recommended)

$ qpdf --encrypt user-password owner-password 256 -- in.pdf out.pdf

Note: To do both things a heap of images (zsh syntax)

$ for x in *.jpg; do no_ext=${x:r}; convert $x $no_ext-tmp.pdf && qpdf @encrypt_params $no_ext-tmp.pdf $no_ext.pdf && rm $x $no_ext-tmp.pdf ; done

Via GUI (Windows/Mac)

It’s possible to convert images to PDFs using PowerShell with gm.exe (graphicsmagick), but it’s pretty hard to password encrypt PDFs using PowerShell. So here are instructions using Microsoft Office.

Windows

1. Open in Microsoft Office then File > Create PDF/XPS Document

2. Check Encrypt the document with a password

3. Confirm the password in the dialog box

Mac

  1. Open in Preview and press File > Export as PDF…

2. Check Encrypt, fill out the password fields, then Save

P.S. Your password should definitely consist of more than four characters.

Now go forth and encrypt! And help your less computer-savvy friends and family encrypt too!

More Related Stories