Instructions 

Boxcryptor - data encryption in cloud services. Encryption for Dropbox. Dropbox: file synchronization - simple, but not secure Encrypted Yandex disk access program

Dropbox users save a million files every 5 minutes. In total, 25 million people use the service. At the same time, the creators do not guarantee the inviolability of your data, and the authentication system has already failed.

background

On June 19, Dropbox hosted a kind of "open day". Within 4 hours, anyone could log into someone else's account using an arbitrary password. The creators of the service might not even have noticed the problem if the information about the vulnerability had not been published by an independent security researcher (pastebin.com/yBKwDY6T). This is not the first time that this is not the first sensitive story related to the security of files that users from all over the world are so willing to trust. cloud storage Dropbox.

Here it should be recalled that from the very beginning of the existence of the service, the developers assured users that they were responsible for data security. So, during synchronization, all files are transferred exclusively over a secure SSL connection, and are stored on the server in encrypted form (AES-256). Having changed recently Terms of use, the same people made it clear that they only restrict access to files for their employees, but if necessary, including at the request of law enforcement, Dropbox will certainly provide access to any user's account. Here is the encryption.

I am not paranoid and I have nothing to hide, in general, but I absolutely do not want to open my personal files to anyone. Also, I've always been unhappy with the fact that the data is in the clear on every computer that is synced with my Dropbox account. It's time to fix this mess.

Raising EncFS

In fairness, it should be said that the service has an official wiki (wiki.dropbox.com) where specific tips for security tuning are given. The ironclad truth is that the data must be encrypted on the local machine, and transferred to the cloud already in encrypted form. In particular, it is proposed to place a TrueCrypt or FreeOTFE container in the Dropbox folder and store all confidential documents inside it. The method is effective - you can’t argue: even if the account is compromised, the attacker will not be able to decrypt the data. And everything would be fine, if not one "but". With this approach, you can forget about rational file synchronization: when any document changes, the entire cryptocontainer will be synchronized, no matter what size it is (for example, 1 GB). In addition, in this case, an important Dropbox option is lost, which allows you to roll back any changes and return to an arbitrary version of the file.

Fortunately, a more elegant solution is offered in the same wiki - use file-by-file encryption, that is, apply cryptography for each of the files separately. EncFS, the virtual cryptographic file system, is perfect for this. When mounting EncFS, the source directory (source directory with encrypted files, which can be located in Dropbox) and the mount point are specified. After mounting, each file in the mount point directory corresponds to a specific file from the encrypted directory. Thus, you work with files in clear text, and EncFS transparently places their encrypted versions inside Dropbox. Because each file is encrypted individually, Dropbox can sync changes incrementally for each file. This is a very good technology that has been used under Linux for a long time and is based on the FUSE (Filesystem in Userspace) technology, which allows programmers to create virtual file systems. Despite its roots, it can now be successfully used under both Mac OS X and Windows. Let's start with the last one.

Windows

After an unpleasant story with the Dropbox authorization system, enterprising German guys quickly released the BoxCryptor utility (www.boxcryptor.com), which creates a virtual cryptographic disk in the system. Each file placed on it is automatically encrypted using the AES-256 standard.

Physically encrypted data is placed in an arbitrary directory, for example, in the Dropbox folder, while on a virtual disk they are in clear text, and they can be accessed from any application without any problems. The developers acted very wisely and did not reinvent the wheel, but simply implemented the main features of EncFS for use under Windows. And although BoxCryptor does not yet support all the features of the technology, it is quite enough for reliable data protection.

After installation, the application automatically detects the folder used by Dropbox and offers to place a directory with encrypted files in it. To encrypt data, you need to come up with a passphrase, as well as select a letter for the drive on which the files will be located in open form. If you do not want the data to be in plain text without your knowledge, you can not save the password and enter it every time you mount the disk. By checking the box next to "Advanced Mode", you will get access to some fine tuning BoxCryptor. This may be required in particular if there is a need to use Dropbox's ability to rollback to previous version file.

The fact is that BoxCryptor also encrypts file names by default, turning them into abracadabra, thereby interfering with the versioning system implemented in Dropbox. Therefore, if you need such an opportunity, then file name encryption will have to be disabled.

From now on, you should see the BoxCryptor directory inside your Dropbox, and the system should have virtual disk(I have X:). Now you have a folder in Dropbox where you can store confidential files. There are two important rules to remember here. First - never save files directly to the BoxCryptor directory, this is the place where data is stored in encrypted form (and synchronized with the cloud in the same form). Therefore, it is necessary to work with documents through the same virtual disk. And second, never delete the encfs6.xml file from the BoxCryptor folder. It contains important information for EncFS, which is necessary in order to decrypt the data. In the free version of the program, you can create a logical partition with a capacity of no more than two gigabytes, that is, exactly the same partition as Dropbox provides by default. In case this restriction does not suit you, and you don’t want to pay money, there is an open implementation of EncFS for Windows - encfs4win (gitorious.org/encfs4win). In it, of course, there are no restrictions.

The basis, as in the case of BoxCryptor, is the Dokan library (dokandev.net), which is an analogue of FUSE under Windows and is necessary for mounting third-party file systems in the system.

linux

In many Linux distributions everything you need to use EncFS is built in by default, but that doesn't always make things easy. It is important to use the latest development version (>= 1.7), which has a number of bug fixes. And in many distributions, unfortunately, an older release is shipped (most often 1.6). This, for example, concerns Ubuntu 10.10, which is installed on one of my laptops. There is no big problem here. You just need to install new version EncFS and, for the convenience of working with it, the Cryptkeeper GUI utility:

sudo apt-get install encfs cryptkeeper

After the installation is complete, we can launch Cryptkeeper through the Applications - System Tools - Cryptkeeper menu and import the encrypted directory:

  1. In the notification area, select "Cryptkeeper - Import EncFS folder".
  2. Next, specify the directory where the encrypted files are located (that is, the BoxCryptor folder).
  3. And we determine the desired mount point through which we can access the data in the clear.

After that, an item will appear in the Cryptkeeper menu to quickly mount an EncFS volume: for example, "Cryptkeeper > /home/step/Documents/Safe". After entering the password, the volume we need with the decrypted files will appear in the system. It was possible to do without any GUI utilities by simply connecting the EncFS volume in the console:

encfs ~/Dropbox/BoxCryptor/ ~/BoxCryptor

The first parameter specifies the location of the encrypted volume, and the second parameter specifies the clear file mount point.

MacOS X

Installing EncFS under Mac OS X is perhaps the most difficult to implement due to the need to install additional tools. But it still won’t take much time, and the installed tools will still come in handy more than once. The main snag here is that all the distributed EncFS binaries for makosi are hopelessly outdated, so we will have to build everything manually.

The procedure here is:

1. To immediately get a compiler and other necessary tools to build EncFS, it's best to install the development package. xcode(developer.apple.com). The free 3rd version is ideal.

2. Next, you need MacFUSE (code.google.com/p/macfuse), a ported version of the FUSE project for Mac OS X, which in turn uses EncFS. Just run the downloaded MacFUSE.pkg and the installer will do everything for you.

ruby -e "$(curl -fsSL https://raw.github.com/gist/323731)"

4. Now we can download the EncFS sources and build them on our computer. Homebrew will do everything for us, loading all the necessary dependencies (we installed it for a reason):

brew install encfs

5. All - EncFS in the system! You can go to the terminal and mount the BoxCryptor directory to the system (most often it is ~/Dropbox/BoxCryptor) to the folder where the files will be located in open form (say, ~/Dropbox/BoxCryptor):

encfs ~/Dropbox/BoxCryptor ~/BoxCryptor

The excellent GUI utility MacFusion (www.macfusionapp.org) with the plug-in for EncFS support (thenakedman.wordpress.com/encfs) will save you from working in the console.

Choosing an alternative

BoxCryptor and EncFS aren't the only ones that offer an extra layer of encryption on top of Dropbox. Similar functionality (with AES-256 encryption) is also offered by SecretSync (getsecretsync.com/ss). Versions for Windows and Linux are now available on the official website of the project, and a release for OS X is promised in the very near future. True, the client is written in Java, and with all due respect to this programming language, I really don’t like any desktop applications implemented with it.

So we can say that BoxCryptor is lucky :). Let's try to look at the problem from the other side. Since the service itself does not fulfill the duties that we expect from it, then maybe just change it to something else? The task, whatever one may say, is not unique - there are a number of projects offering file synchronization between different computers and devices, but with a much greater focus on data security.

One of the most notorious of them is Wuala (www.wuala.com), which is positioned by the creators as "secure online storage". The service has been aggressively developing lately and offers almost all the same features that Dropbox has. Clients are already available for Windows, Linux, Mac, as well as iPhone and Android.

Wuala uses RSA-2048 for authentication and AES-128 for file encryption. Security also adds a distributed service approach to resource storage. The fact is that the service is based on a technology that reduces server costs by using idle resources. When a new file is added to the vault, it is encrypted and split into a large number of fragments. Guess where these fragments are placed? In the cloud and ... computers of other users. Yes, yes, the service offers users a program to “trade” their capacities. It's fair: if a user shares part of their disk with the Wuala network, they get additional space in the cloud (this requires the computer to be turned on for at least 4 hours a day).
In this way, hard drives Wuala users make up a distributed network that is used by the service to improve file download speeds, accessibility, and reduce its costs. Error correction algorithms and severe redundancy are applied to ensure that data is never lost. At the start, the user is allocated 1 GB for free, but he can upgrade his account through a referral program, attracting other people (just like in Dropbox), as well as “selling” his disk space. To tell the truth, I have not yet decided to completely switch to Wuala.

There are a few little things that still prevent it from doing so. There are several in my Dropbox folder shared folders, which we actively use with other employees to collaborate on documents. This means that everyone will have to switch to Wuala.

Application for mobile phone, although it provides access to files in the cloud, it is still very limited in capabilities. And the interface for accessing files through a browser is implemented through a lame Java applet. Therefore, a bunch of Drobox + BoxCryptor is my choice for this moment. Everything works, everything is familiar, everything is safe - in short, I like it.

Access to encrypted files via the web

When using BoxCryptor, you will no longer be able to view protected files via the web. More precisely, you can download them, but only in encrypted form. The Portable version of BoxCryptor can help out, which will help decrypt files downloaded from the cloud. True, if you have not disabled file name encryption, then finding the documents you need can be oh so difficult. Have this in mind. In general, the Portable version of BoxCryptor is intended for use in situations where the user has limited rights in the system. She, by the way, gets along well with Dropbox's relocatable assembly - DropboxPortableAHK (dropportable.ho.am).

Dropbox fail chronicle

April 7- Researcher Derek Newton has blogged (bit.ly/dropbox_fail) some details about Dropbox authorization. It turned out that the program stores all information for authentication in the config.db file. It is located in %APPDATA%Dropbox and is a SQLite database.

Among many other fields, one of them - host_id - is the most interesting. It is determined by the client after the first authorization and does not change over time. And here is the ambush. Its value is not tied to the system in any way. By copying config.db to another machine, an attacker easily gains access to someone else's account data. Without notifying the user! Moreover, even if the user changes his login and password, nothing will change either - the host_id will still remain valid. At the moment the ID is bound to specific device and can be revoked via the web interface.

April 19- Dropbox changes the user agreement, directly stating that, if necessary, it can decrypt users' files and provide them for investigation under US laws.

26 April- an open Dropship project appears on GitHub (github.com/driverdan/dropship), which allows you to quickly get any file that is in the Dropbox cloud in your account. All that is needed is to know its hash. The author, Vladimir van der Laan, was immediately contacted by the chief technical director of the service and politely asked to remove the source code. Users of the program reacted by creating numerous mirrors of the project on github and on Dropbox itself. Within a short time, they also received a request from a Dropbox representative to delete the project files immediately.

June 19- a release with a serious vulnerability in the authorization system was launched into the service. As a result, any user could log into someone else's account without knowing the password. Dropbox justifies that in the time it took to fix the vulnerability, less than 1% of users were signed in.

Data located on a hard drive, USB flash drive, and external media is best encrypted using VeraCrypt. The program is based on the famous TrueCrypt tool, but offers even more features than the previous version.

A follower of TrueCrypt called VeraCrypt will fully encrypt your drive

To use external storage media, encrypted data containers are created on disks. These containers consist of a single file that only opens its contents with VeraCrypt and the correct password.

To create a container, select the option "Create an encrypted file container" in the main menu of VeraCrypt and follow the instructions of the program. Installed in your PC HDD you need to encode completely including windows system.

This has a decisive advantage: by physically accessing your system, hackers will not be able to change your Windows password and gain access to your data. To do this, in VeraCrypt you need to select the option "Encrypt the system partition or entire system drive".

Mobile Device Protection

To avoid having to enter a complex password every time in iOS, use the Touch ID fingerprint sensor on iPhone smartphones 5s, 6/Plus, 6s/6s Plus, SE

In order to protect your data in devices under Android control and iOS, you will have to encrypt the system. Apple is already standard. Even the FBI can't crack their cipher. This is clearly demonstrated by the recent case when the competent authorities tried to consider the terrorist's iPhone.

According to experts, the agents could not crack the code, they simply restored it using the "brute force" method. To avoid such interference without much difficulty, instead of a four-digit number for access, you need to use a complex password.

To do this, go to "Settings | Touch ID and password | Change Password" and click on "Password Options". Here, select "Custom code (letters + numbers)". Even the FBI, with its capabilities, would take decades to crack such a password.

Android devices are not initially encrypted. You will have to resolve this issue in manual mode

The only thing left for the intelligence agencies is to read the saved password backup in iCloud. Therefore, our advice is this: create only local backups through iTunes.

And only you will have access to them. You can get rid of the backups already in the cloud by deleting everything saved in “Settings | iCloud | Storage | Manage | Backups” via “Delete copy” from Apple servers.

To enable encryption when using android, select Settings | Security" and then "Encrypt phone". But be careful, just like with iOS, your data will be lost if you forget your passcode!

Cloud encryption

If your data is in cloud storage, such as Dropbox or GMX, there is a possibility of third parties accessing it. You can protect these accounts with the Boxcryptor () program. It encrypts the contents of Dropbox and other services using its own code.


Boxcryptor will protect your data in all major cloud services

To access your data, you will need the Boxcryptor software and app on all your devices. The tool integrates into the system and conveniently encrypts or decrypts data in the background. In addition, the manufacturer indicates that he does not own the encryption keys. If you forget your password, you will lose your data.

The last article from this column, in which I will touch on the topic of cloud storage, such as Dropbox. Cases of hacking cloud storages have already been known, so you will have to forget about the security of your data, more precisely, if you do nothing, of course.

AT this material I will show you something interesting software, which will protect your files in the cloud. This utility is called BoxCryptor and helps to create a virtual disk that can immediately encrypt the necessary data using the AES type.

Advantages of the program

  • Ease of use;
  • The presence of a free version, but you can purchase a paid one;
  • Interaction with almost all cloud storages;
  • Reliability of the program;
  • Work only with separate files, not with containers.

BoxCryptor does its job well and file encryption is instantaneous, as is decryption. If your password suddenly got to ill-wishers, then for them the files will still be unreadable.

Before using, you need to figure out which version you are ready to use. If you are not going to pay, then free version is suitable for you, although it has a slightly limited functionality in that you can work with only one virtual disk. In the unlimited version, you can work with multiple drives and folders, it is possible to encrypt file names. This version costs $40.

Previous articles:




Installing and working with BoxCryptor

You can download the utility on the official website. Click there button Download Boxcryptor. The program installer will then load. You shouldn't have any problems installing the program.

After installation, we are prompted to register. Click the link below "Create Boxcryptor Profile".

Enter your first name, last name, email address, and password. We press "Next".

In the next window, a message appears stating that losing the password threatens you with bad consequences, that is, you will not be able to recover the encrypted data. Check the box and go "Next". The registration process will begin.

We are prompted to choose a version. I will choose Free, which is free.

Now you need to log in to your account and we can start working with the program. We will see a welcome window, and then a virtual disk will open, I have it marked with the letter X. If you do not have any Cloud software installed on your computer, you will have to do this, otherwise the program will remind you of this. You will also see the "BoxCryptor Tutorial" window. If you have never worked with such programs, then study it.

Now you need to do the following: go to the virtual disk and see the cloud service folder there, in my case Dropbox. I open this folder and encrypt some directory there. To do this, click on it right click the mouse will go to the Boxcryptor section and select the item "Encrypt".


A window will appear with a warning about closing all open folders and encrypting files inside a folder. A message will appear indicating that the operation was completed successfully. We press OK.


Now the folder will be with a postscript "_encrypted". The files that you transfer there will be encrypted immediately. Note that if you upload files to the cloud not from a virtual disk, they will not be encrypted. You can encrypt not only folders, but also any files.


If you want, you can specify the permissions for the encrypted file or folder. To do this, select "Access rights management". So, you can add a trusted user who can use encrypted data.


When you open an encrypted folder from Dropbox, you will see real protected files that you cannot work with. You can only do this from a virtual disk.


To remove encryption, click on desired file or folders with the right mouse button, go to "Boxcryptor" and select the item "Decipher".


A warning will appear, in which we press "Yes". Decryption is done instantly. By the way, if you wish, you can rename the encrypted data.


That's all I wanted to tell you about data protection in cloud storage. There are a lot of such programs and it makes no sense to analyze them all. Moreover, focusing on this article, you can do it yourself.

Cloudfogger software.

The salvation of the drowning is the work of the drowning themselves (folk wisdom).
You probably already know that a law is coming into force soon, which obliges all Internet companies, including those that provide cloud file storage services, to store users' personal data (in our particular case, these are files) on servers located on the territory of the Russian Federation. Motivation, as always good. Allegedly, all foreign services are required to provide data to American intelligence agencies, and, like, it’s not good that the National Security Agency (NSA) owns all the data about users from Russia. Even if they provide such data (which I highly doubt), then it should be “purple” for an ordinary user, because he is under the jurisdiction Russian Federation, not "Pindos" (Pindos- shtatovsky, american) and OUR user needs to be afraid, on the contrary, of those who can “show” something to him (for the data he stores) in OUR country. The logic of the adoption of this law becomes clear when you open the second, recently adopted law number 97. Now, as part of the implementation of law No. 97 "On Amendments to the Federal Law" On Information, information technology and information protection” all Internet companies (including cloud file storages) are required to provide law enforcement agencies with data about users and access to the files they store. The circle is closed. We are under cover.
If there was a guarantee that our data would not be widely available, well, figs with it, let them “have” (in the sense of access), but bearing in mind that in our country, everything is bought and sold ... (remember about sold on the "pink" and "savka" (radio market "Savelovsky") traffic police databases or mobile operators), to become somewhat unsettled. It is quite possible that a “black” market will soon appear on the Internet, where it will be possible to “order” information about any person for a certain amount (including information about what he stores in his cloud file storage). This is one side of the problem. The second side of the problem is even more real. Everyone has been hearing about the recent scandals of posting intimate photos of celebrities online, which they stored in iCloud cloud storage.


The photos were stolen by one of the hackers. By the way, he received a ridiculous amount from customers for this, he was paid only 120 dollars. The amount is quite lifting for our country ...
I hope I convinced you that it's time to think about how to protect your data (stored in the "clouds") from strangers. by the most effective way, in my opinion, is file encryption.
After all, even if an outsider opens / hacks your file storage, then he will not be able to open / download encrypted files (photos, documents, videos, and so on)!
You can encrypt files on the "clouds" special programs. I recommend one of the best free program called CloudFogger. It provides you with complete privacy with 256-bit AES (Advanced Encryption Standard) encryption of the files you store in your cloud storage. Cloudfogger uses transparent encryption, making daily use of files in the sync folder located on your computer hassle-free, you will still have easy access to your files, and at the same time, all files are securely encrypted when they are uploaded by you to the "cloud". ". It is also important that the program is very easy to use, and that there are applications for all popular operating systems(Windows, Mac OS X, Android and iOS). Let's move on to practice.

Installing and using the CloudFogger program.

We go to the website of the developers of the CloudFogger program using the link and download setup file. The site is in English. I recommend you go through Google browser Chrome. This browser has an automatic translation feature.


Launch the CloudFogger installation.


Installation is simple (see below).










CloudFogger is installed. Let's put it to work.


When you first start you need to go through a simple registration process.


Fill out the form and come up with a password (password) to access the program, as shown below.


An email containing a confirmation link will be sent to the email address you provided during registration. We go through it and confirm the registration.




You will learn in detail how to use this program by visiting the Knowledge Base section at the link. Again, the site is in English. Login via browser Google Chrome. This browser has an automatic translation feature.


But let's continue with the settings.
At this stage, you can add a synchronization folder with your cloud storage to the program (or several if you have more than one). This will allow you to automatically encrypt all files.






If you share your cloud file storage with someone, you can give them access to your files. To do this, add the address mailbox in the program window at this stage of its configuration.


In principle, this can be done later.
The program is installed and configured. Ready to go.


Now, on the cloud file storages you added to the program, all files will be encrypted. And no one, even by opening or hacking your "cloud" will be able to get to them!
By the way, it is not necessary to encrypt all data. You can manually, only certain files. For example, your intimate photos. In this case, when setting up the program, we skip the point with adding cloud file storages to the program.
Manually encrypting files is easy. Open the cloud sync folder. Find the file or folder to be encrypted. Right click on the file or folder and context menu select "CloudFogger". Next "Fogg faile(s)".


The file/folder will be encrypted both in the "cloud" and in the sync folder.




I repeat, in the synchronization folder you will have easy and comfortable access to encrypted files. Their decryption is done on the fly.

On the official website of the program developers, download and install applications to access encrypted files from your other devices connected to the cloud storage, for example, install the CloudFogger application on your tablet or smartphone.

Dear community!

But we should start with an overview of the current situation.

There are clouds in which you can store a lot of different information. Sometimes it's free. It's tempting. A lot of services are just struggling to give you as many gigabytes and features as possible. However, it must be understood that free cheese only happens in a mousetrap. The danger lies in the fact that you transfer your files for storage to someone else's uncle with intentions unknown to you. And the danger of files, as an object of information, lies in the fact that you can make a copy of it and you will not know about this fact. Also, files can be analyzed for different purposes. In general, a lot of things.

Adhering to the point of view "I have nothing to hide, let them look" - they may not read further. Continue enjoying recent iCloud photo leaks, cloud removal of unlicensed content, and more. Those who care about the confidentiality of their personal lives and, in general, it is unpleasant to peep at you through the keyhole and put the big brother's hand into your personal affairs - read on.

Clouds can be used. But you have to do it right. The solution here is data encryption. However, you need to understand that encryption is different from encryption. Many services scream that they have the most best algorithms encryption. But these same services are modestly silent about the fact that they themselves can access your data at any time. Therefore, the most correct option is the option of encrypting / decrypting data on YOUR side. Thus, the cloud always deals only with encrypted content. At the same time, the encryption client and the cloud service should not have the same owner. The ideal case is open source encryption client.

So what do we have with this approach:

1. The owner of the cloud never has access to the contents of your files. No way.
2. All nodes in the chain of your traffic do not have access to your data. This is, for example, the owner wifi hotspots cafe, provider, owner of trunk lines, grid admins at your work, etc.

This is great.

1. You have extra worries about encryption / decryption, extra load on the computer.

Who is more important. But let's agree that:

1. The cloud for you is not a corporate tool for work. Although there may be options in the form of distributing a password to colleagues.
2. The cloud for you is a repository of personal data.

Current state of affairs

1. At the moment, no service provides the above content encryption model. It is understandable, it is not profitable for him.
2. Googling, I was surprised to find that no one is particularly concerned about this problem. Perhaps the same trick is repeated with clouds as with social networks n-1teen years ago. When people, without thinking, posted everything about themselves on the net. Who is in what relationship with whom, where he served and worked. A gift to all special services and scammers.

Current options for solving the problem of securing your own files in the cloud:

1. Encryption provided by the cloud owner. Protects only from other users, not from the owner of the cloud.
2. Storing files in the cloud in password-protected archives or encrypted containers (such as truecrypt). It is inconvenient to use, because in order to make a small change or just download a file, you need to download / upload the entire container. Which is often not fast if it is big.
3. VPN only protects the communication channel, but not the content of the cloud.
4. BoxCryptor program. She can encrypt files sent / merged from the cloud. But its mechanism of operation is inconvenient. Do you have local computer there must be a synchronized copy of all cloud data. In this copy, you work with data, and the program uploads / merges them to the cloud in encrypted form. Synchronizes in general. Uncomfortable.

What do we want?

We want us to have a flash drive with us, insert it into any of our (or not our) computers with an Internet connection, and launch a certain program from it. A virtual disk appears in our system, by going into which (who is an explorer, who Total Commander) we will get into our account in the cloud. We see our files, we do with them what we need. And then we turn everything off and leave. But if we log into our account without running this magic program, then we (or an attacker, admin sniffer, cloud owner, etc.) will see a bunch of garbage - both in file names and in their contents.

As an option - install this program permanently on all your computers and forget about its existence and the need for periodic launch. This method will work with all types of clouds that support the WebDAV standard and allow you to store just arbitrary files that meet file system standards.

Googling, I found only 2 options for solving the encryption issue almost in the form in which I need it.

1. WebDav plugin for Total Commander. Adds cloud account in Total Commander and it becomes visible as a disk. to which you can copy files. However, it does not yet support encryption. My attempts to persuade the author to include encryption in it and to be the first Giesler to solve this problem were unsuccessful.
2. The CarotDAV program, which has already been written about on this site. She can encrypt files and names one by one. And everything would be fine, but it has an explorer interface, which is inconvenient.

And now, in fact, it happened for the sake of which I am writing this long post.

Actually, the program is easy, everything works as it should. But most importantly - now you can be sure that your files in the cloud belong only to you - while maintaining an easy and convenient way to access them.

I invite everyone who is interested and who needs such a program to join the testing.