As a follow-up to my previous post on cloud security, there is of course another option for storing your files securely: run your own file ☁️ cloud service.
This is not as hard as it seems. Here is how to do it step by step.
The best option is to have your own physical server, but this is not always doable or convenient (and it also adds the extra burden of backing up your files, updating the OS and the hardware, etc.).
So if a physical server is not in the cards, get a virtual server (EC2, Rackspace, Digital Ocean; there are just too many providers to mention them all). I recommend running Ubuntu or Debian, as these are widely supported and there are a lot of tutorials around.
I know, I know, a lot of services for hosting your own encrypted file cloud exist today. But let's go old school, where you control every aspect of the process and limit the moving pieces (who is going to read or audit the code used by these tools? What about vulnerabilities?). All you need to access your cloud is SFTP, which is normally installed by default (if not, you can find plenty of tutorials on enabling it on Ubuntu).
Since encrypting and decrypting is reserved for more sensitive data, you can create multiple folders. For example, if you want to store some files that are not sensitive without encryption (say, an article from the web that you just wanted to save for future reading), you create a normal folder and download/upload (or sync files with a good SFTP client) without having to decrypt anything.
Of course, nothing prevents you from encrypting all your files, and in this case you move to step 4. If, however, you do not wish to go too technical (as in Step 4), you can create non-encrypted folders but upload your sensitive documents as 7zip encrypted archives or encrypted PDF files. In this scenario, whilst your filesystem or folders are not encrypted, your sensitive data is.
I will now save you tens of hours of research into finding the best tool to encrypt your files on your shiny new Linux server. Forget all those unmaintained scripts that encrypt individual files. We are going filesystem-level here, so on Linux you have eCryptfs or the recommended and more modern fscrypt. It is easier to use and supports your login passphrase (so you won't need a separate password to lock and unlock a directory). The setup information is available here, but here is a super quick guide:
    sudo fscrypt setup
    sudo tune2fs -O encrypt /dev/sda2   # enable the ext4 encrypt feature on your device
    fscrypt setup /                     # or your mountpoint
    mkdir secret                        # create a secret directory
    fscrypt encrypt secret
    Should we create a new protector? [y/N]
    "secret" is now encrypted, unlocked, and ready for use.
    ## you can now cd secret and make a file or drop some files
    cd secret
    joe secretfile.txt
    cd ..                               # leave the directory before locking it
    sudo fscrypt lock secret --user=USERNAME
    david@localhost:~$ cd secret/
    david@localhost:~/secret$ ls
    3jdTiA0m0kjYbl+agwy1Pl1Kc,7EmvXnGsTxX1gp,cL
Your files now stay encrypted until you unlock the directory, which makes them visible again (and accessible with your SFTP client):
    david@localhost:~$ fscrypt unlock secret
    Enter login passphrase for gurugeek:
    "secret" is now unlocked and ready for use.
    david@localhost:~$ cd secret
    david@localhost:~/secret$ ls
    secretfile.txt
    david@localhost:~/secret$
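
Two checks worth wrapping around the steps above, as an added example (not from the original post or the fscrypt project): confirm the ext4 `encrypt` feature is on, and confirm the directory is actually locked before you walk away. The function names and the sample text are constructed for illustration, and the script assumes `fscrypt status` reports an `Unlocked:` field.

```shell
#!/usr/bin/env bash
# Added example: sanity checks around the fscrypt steps in this post.
# Function names are hypothetical; sample text below is constructed.

# Succeeds if `tune2fs -l` output on stdin lists the ext4 "encrypt" feature.
# Matches whole feature names only, not substrings.
has_encrypt_feature() {
    awk -F: '/^Filesystem features:/ {
                 n = split($2, f, " ")
                 for (i = 1; i <= n; i++) if (f[i] == "encrypt") found = 1
             }
             END { exit !found }'
}

# Reads `fscrypt status DIR` output on stdin and prints one of:
# locked, unlocked, unknown. Only an explicit "No" in the Unlocked: field
# counts as locked, so any partial or unexpected state fails safe.
lock_state() {
    awk '/^Unlocked:/ { seen = 1; state = ($2 == "No") ? "locked" : "unlocked" }
         END { print (seen ? state : "unknown") }'
}

# Constructed sample output (not captured from a real system).
SAMPLE_TUNE2FS='Filesystem features:      has_journal ext_attr dir_index extent 64bit encrypt metadata_csum'
SAMPLE_STATUS='"secret" is encrypted with fscrypt.

Unlocked: No'

# Real use: ./check.sh /dev/sda2 secret   (device and directory from the steps above)
if [ "$#" -eq 2 ]; then
    if sudo tune2fs -l "$1" | has_encrypt_feature; then
        echo "$1: encrypt feature enabled"
    else
        echo "$1: encrypt feature missing, run tune2fs -O encrypt first"
    fi
    echo "$2: $(fscrypt status "$2" | lock_state)"
fi
```

If the second line reports anything other than `locked`, the plaintext file names and contents are still readable by anyone with access to that account, including over SFTP.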