Is my configfile save?

The Count

Hi, maybe a stupid question and asked before, but I can't find the answer. I'm using BoxCryptor to encrypt my Google Drive-files. But I noticed that the configfile of BoxCryptor is in the cloud too. Is it safe there? Is there an other place where I can put it, I mean out of the cloud? Because if someone gets my password he can access my Google Drive-account online and delete the configfile and then is everything lost.

Thanks in advance for you reply! :)

ehab

you can have that file residing somewhere else. lookup

For experts: Use an alternative configuration file

when you are creating a new box on the

Open an existing encrypted folder

window, hope this help even thou the config file with a large password is good enough.

The Count

Thanks ehab! I saw in the manual that you indeed can store the configfile somewhere else. That could be an option. But I can lost the still too then. Is it possible to keep the configfile in the cloud, but protect it with a password or even disable the option to delete it? That would be fine.

When I setup my BoxCryptor Drive the wizard gave me an option to backup the configfile. Can I restore this file, if my original file is deleted?

Robert

Hi!

the important parts in the config file are encrypted and secured by your password. So without your password, having the config file is useless. You can find more information in our Knowledge Base:

http://boxcryptorsupport.uservoice.com/knowledgebase/articles/35101-how-does-boxcryptor-encrypt-files-

As ehab stated, you can specify to use an alternative location for the config file in the advanced options. Please keep in mind however, that this currently breaks compatibility with our mobile apps for Android and iOS.

It is indeed a risk if someone else would delete the config file - but keep in mind that he could also just delete the encrypted files. You can always restore the backup file by copying it to the previous location of the config file. A short example:

Encrypted folder: C:\Users\TheCount\Dropbox\BoxCryptor
Config file: C:\Users\TheCount\Dropbox\BoxCryptor\.encfs6.xml
Backup file: D:\Backups\BoxCryptor-config.xml

Copy D:\Backups\BoxCryptor-config.xml to C:\Users\TheCount\Dropbox\BoxCryptor\.encfs6.xml in order to restore it.

--Robert

The Count

Ah, that's a good point indeed, that someone can delete the encrypted files too. So it's actually better that your browser doesn't automaticly login to the cloud. Because, if my laptop is stolen, now the thief still has to get my password to login on my account.

Moreover, I will swtich from Google Drive to SugarSync, because Google Drive logins automaicly and I don't know how to disable. On the top of that, you need a CreditCard to buy extra space and I don't have one. SugarSync supports PayPal, so this an better option for me.

So, big thanks for your help and this stunning tool. Finally I can save my files safe in the cloud. :)

user3912

@Robert

Are there any plans to store the .encfs6.xml file locally on a SD card / Storage Device for android / iOS in the near future so that the file is not stored in the cloud?

I personally keep a copy of this file with another provider, But would prefer the idea to not have it kept in the cloud in the long term (and setting it as advanced as per above). Or If I did store it, I could store it with an alternative provider to my main cloud service, to avoid any attempt whatsoever to brute force the passwords, etc.

The issue is that I would like to occassionally access the files on my android device, hence my question about storing the file on a SD/ Internal storage card to access from mobile devices.

I do not store passwords on my android device, hence I know it is quite safe, but I'm a "the safer the better" type of person.

linuxcat

@user3912 please vote for that http://boxcryptor.uservoice.com/forums/100207-general under the title 'File encfs6.xml located in other place different where encrypted files are located'. Currently on page 2.

FrankGfromW

Whereas I do not care if s/o deletes my config file I personally am unhappy too with a publicly readable config file.
How stupid was the idea to encrypt the config file itself with a (different! by e.g. using another salt) key derived from the password so it could be publicly stored w/o giving easy opportunity for unnoticeable brute force attacks?

joejaz

I have lost my configuration file ,but know my password,is there any way I can access my BoxCryptor Classic data ?

Robert

Hello joejaz,

I'm very sorry, but without the configuration file it is not possible to decrypt your Boxcryptor Classic data because the actual key used for encryption is stored in this file.

Which cloud storage provider are you using? Many of them offer some kind of "undeletion" feature which allows you to restore deleted files.
Which operating system are you using? Maybe the file is just "hidden".

Best regards,
Robert