Google Drive Encryption FAQ
This page contains information on Syncdocs file encryption or encipherment.
Syncdocs can encrypt files it stores on Google so that they cannot be accessed online, unless the user has the right decryption password.
General Syncdocs security and privacy questions are answered in the Security and Privacy FAQ
- Here’s a quick start guide
- and there’s more detailed information on the encryption settings
- and information on secure sharing and syncing many PC’s
General security and privacy questions
How can I access encypted files in the Google Drive web browser interface
You can’t yet, you need a secure program on your PC to access them. We are working on web browser access, but it will not be as secure.
Encrypted Google Sheets, Docs and Presentations
Do not create files in Google Docs, Sheets or Presentations format inside encrypted folders, if you want to edit them online. Syncdocs will automatically convert them to MS Office format and encrypt them. You cannot (as yet) work with encrypted files online.
When you un-encrypt a folder (by un-checking the folder to be encrypted in the encrypted folder selection menu) two things happen.
1.The files are decrypted online on the next sync. Once these files are safely online, the encrypted files are removed on the following sync. This means un-encryption takes two sync cycles.
2.The automatic detection of encrypted folders is disabled. If you have other PC’s syncing, then you will need to disable encryption on that one too.
How are my files encrypted?
Syncdocs uses an encryption method called AES with a “military grade” 256 bit key.
The AES 256 option encrypts using the Advanced Encryption Standard as implemented by the Micosoft Crypto API with a 256 bit symmetric key. SHA1-HMAC is used to authenticate and verify the message as genuine and uncorrupted. Random data is added to the message to protect against some known ciphertext attacks.
Syncdocs is designed to support other algorithms and OpenPGP and AES 128 may be added in future versions.
Question: What program can I use to decrypt .g_encrypt_aes files encrypted by Syncdocs? (let’s say there is no Syncdocs software installed on that computer)
Or do I always need Syncdocs to “decrypt” these online files?
No, you can download the free standalone decryption and encryption utility from here. Just drag and drop files onto it to encrypt or decrypt (you’ll need to enter the right password of course).
Syncdocs keeps trying to upload an Office doc to my encrypted folder
Make sure you do not have the setting to convert files to Google Docs format. There is no way to convert to Google Docs format and also to encrypt online, so the upload will fail. Fix this by turning off the automatic conversion of .doc, .docx, .xls and .ppt to the corresponding Google Docs format in Syncdocs File settings.
What do all the settings mean?
See here for a discussion of the encryption settings.
For help on the sharing of encrypted Google Docs and folder selection settings see here.
I’ve forgotten my password, can you help?
No. Sorry, there is no known way to recover your data or password.
For this reason we recommend that you write down the password, and store in a secure place or password storage app.
What is the difference between encryption and Google passwords?
You Google password the password you use to access your Google accounts, and it gives you online access to Google Docs, Gmail, Google +, Picassa ettc.
Your encryption password is used to encrypt (scramble) your data, so that only someone who has this password can decipher it.
Password change sync
Passwords are not synced for obvious security reasons. If you change your encryption password on one PC, then you need to change it manually on all the rest. The same applies if you change the password on shared files, you need to tell others of this password change.
Folders with the wrong password will not sync.
The harder to guess your password is the more secure your data. A longer password, using a mixture of upper and lower case and symbols or a pass phrase with non dictionary word is more secure. Choose something you can remember, though. You can try the Microsoft password strength meter.
How do I share encrypted folders with other users or my other PC
There’s a guide on doing this here
I’ve installed Syncdocs on another PC/Account but don’t see my encrypted files! Why?
You need to enable syncing of encrypted files, which is not enabled by default, as not all users know your password. There’s help on doing this here
How do I share/get encrypted files with those without Syncdocs?
I shared a single encrypted file, but it isn’t working! Why?
Note that the encryption is folder based, you cannot share a encrypted single file, it needs to be in an encrypted folder. You will see the information message “skipping downloading encrypted file” on the other PC, if you have not shared the folder that it is in. This is because single files shared with you go to your top level (root) Google Drive folder.
Encrypting File System
My encrypted files are now Green in Windows Explorer!
This is because they are encrypted locally using NTFS EFS. You can turn this off in the Syncdocs Encryption Settings Menu
If you select local encryption as well (the most secure option), the Windows encrypting file system (EFS) uses your Windows account credentials to encrypt files locally. This key protects your local files in case you ever forget your Windows login. This Windows login and key are different from your Syncdocs and Google drive logins.
If this is the first time you’ve enabled Windows encryption, Syncdocs will get Windows to ask you to backup your key:
If you ignore this key backup request, you can always do it later by following these key backup and recovery instructions.
If you choose to also use local EFS encryption, we strongly advise that you do not ignore the Windows prompt to backup your key. If you forget your Windows logon or wipe or upgrade or re-install Windows then you will need it to access your Windows (not Google) files. If you neglect to backup your Windows credentials, but remember your Syncdocs password, then you can restore your files from Google Drive using Syncdocs, by quitting Syncdocs, deleting (or renaming) the encrypted folders, and re-running Syncdocs. Syncdocs will restore your files for you.
I have a new PC and can’t read the old green encrypted files, help!
The certificates are setup by Microsoft. They have a step-by-step guide for migrating certificates to a new account.
Did you you back up your certificates when Windows first asked for them? If so, you can simply copy the .pfx file to your new (Windows 10) PC and then double click on the .pfx file. It will ask you if you want to import them, and if you do you will then be able to read the old files.
If you didn’t backup your certificates, then boot up the old operating system, and back them up first to get the .pfx file – see creating a recovery certificate.
Encrypted file format
We use the Microsoft Crypto API implementation of the AES algorithm. The file has a header structure, and then the AES data block, so it can be decrypted by another program that uses AES.
In future we will release a web app, that lets you decrypt the file online, without Syncdocs on the PC.
We also plan to let the user use other encryption formats (probably OpenPGP). This is a widely used standard with many programs available for PC’s, Mac, Linux, iOS and Android that can create and read these files. The key setup for PGP is more complicated than AES, so we are looking at ways of making it easy to understand.
For more help, please look or ask on the forums.