05 June 2021

Is it possible store VeraCrypt encrypted container on Google Drive and Microsoft OneDrive?

Cloud drive is a best and simple way to protect the data from loss (second copy).

VeraCrypt (as TrueCrypt fork) is a good tool to protect the data from leake (encryption).

It is reasonable to use these technologies together. But this solution has several specifics:

  • Encrypted container (VeraCrypt volume) is a single file that can be large. How its changes will upload to the cloud?
  • Encrypted container does not change the size. How cloud tools notice a file change?
  • How many data VeraCrypt changes during on-the-fly encryption (OTFE)?

The first and main problem - by default VeraCrypt does not update "File Modified" date of the file. This leads to the fact that the file not uploaded to the cloud. This is demonstrated in the test №2. Neither Google Drive nor OneDrive updated the file in the cloud.

The solution is simple - disable "Preserve modification timestamp of file containers" option. Tests №3-6 prove that both solutions correctly update the container (after dismount). But the tests show a difference in their work - pay attention to the difference in "size of uploaded data" (measured using the NetBalancer tool). 


The second problem - size of data that cloud tools upload to the cloud after each change (Mount - Dismount). It all depends on the tool's algorithms. In my cases OneDrive transfers significantly less data than Google Drive (tests №4-6).

Pay attention that even simple action like Mount - Dismount leads to changes on the binary side (due to encryption) and force update data in the cloud.

Tests


Conclusions

  • Enable "Preserve modification timestamp of file containers" option in VeraCrypt to prevent .
  • Any changes of container will change the source (due to encryption) it will lead to synchronization.
  • Each cloud provider defines modified container blocks differently.


P.S. In all tests I used the following settings of the container:

  • Standard VeraCrypt volume
  • Never Save History
  • Encryption Algorithm: AES
  • Hash Algorithm: SHA-512
  • FileSystem: NTFS
  • Cluster: Default

No comments:

Post a Comment