EncFS for OS X Yosemite

securecloud It’s about time I updated my instructions for installing and running an EncFS filesystem on Mac OS X, synchronised to Dropbox. Use a combination of FUSE for OS X, EncFS, Dropbox and DropSec to create and maintain a super-secure filesystem which syncs with the cloud, while maintaining

  1. Download and install FUSE for OS X (the MacFUSE compatibility layer is not required)
  2. If you don’t have it already, install the Homebrew package manager
  3. Download and install EncFS (v1.7.5_1 at time of writing) and any dependencies, it’s as easy as ‘brew install homebrew/fuse/encfs
  4. Download DropSec, extract DropSec.app from the archive and copy it to your Applications folder

To create a new encrypted volume (stored locally at first to prevent your EncFS key from being synchronised with Dropbox):

encfs ~/Desktop/_Encrypted ~/Documents/_DropSec

Answer ‘yes’ when prompted to create the new folders and choose ‘p’ for pre-configured paranoia mode (256-bit AES encryption). Enter a secure EncFS password when prompted and you’re done. Now the filesystem has been created we can deal with securing the key.

umount ~/Documents/_DropSec
mkdir ~/.keys
mv ~/Desktop/_Encrypted/.encfs6.xml ~/.keys/dropsec.xml

The commands above move your key from the EncFS filesystem into a hidden folder in your (local) home directory Now move the entire ~/Desktop/_Encrypted folder (minus your key) into your Dropbox:

mv ~/Desktop/_Encrypted ~/Dropbox/

To mount the secure filesystem run the DropSec app from your Application folder. The first time you run DropSec it will prompt you for your EncFS password which it stores in your local login keychain. The password must match the secure password you set earlier.

When the secure volume is mounted a DropSec folder with a padlock icon will appear on your desktop. If it doesn’t, check that you have ‘Show Connected servers’ checked in Finder preferences.

To mount or unmount the encrypted volume simply run the DropSec app. For convenience copy it to your Mac OS dock for quick access.