Can You Encrypt Files In Google Drive

[Sandee Embree]

GoogleDrive is generally a secure way to store data on the cloud, but as with any cloud service provider, you are not necessarily the only person with access to your data. Google owns the servers that host your data, after all, and that means Google can access them.

In simple terms, encryption takes the contents of a file and scrambles them to the extent that they cannot be read or used, and reversing the process without the encryption key is virtually impossible.

This scrambling is performed via a mathematical algorithm using a string (like a password) as a seed for the scrambling algorithm. The encrypted file has a public key attached, which, combined with a private key only you possess, can decrypt the file and make it readable and usable again.

Google, by default, uses AES256 encryption for all data created in Google Docs or uploaded to Google Drive, applying this encryption to data in transit and at rest. However, this is server-side encryption. Anyone with legitimate access to your account can still see the files in unencrypted form, which includes you, anyone with access to your account (legitimate or otherwise, as long as they have your email and password), and Google employees on their auditing and security teams.

Some kinds of Google Workspace accounts have access to client-side encryption. This encryption is limited to Work and School accounts of various types. Admins must enable client-side encryption on these accounts to take advantage of this feature.

Most of these disabled features use external or tertiary services, which cannot access your encrypted data as a security measure. Rather than try to maintain secure encryption control across dozens of services, Google simply disables the features instead.

The first available option allows you to encrypt any given file or folder before uploading it. The resulting upload will be smaller than the original file or folder, will be a single self-contained file (or split into .part files if your file exceeds the single file size limits of Google Drive or you want it broken into multiple parts), and can use a variety of different encryption protocols.

The downside to this method is that you can only access the stored version of the file by unencrypting and uncompressing it. This limitation means you have to download and extract the contents of the compressed file, which can be time-consuming and uses up bandwidth in situations where you may be limited on speed or data transfer quotas.

On the upside, this allows for a relatively secure data transfer. You can share an encrypted zip file with someone else and provide them the password through another means, such as email or in person.

This method requires you either manually encrypt each file one at a time, or encrypt a folder containing multiple chunks of data. For example, you could encrypt each song in an album separately or encrypt the album as a whole. The latter would prevent anyone from accessing an individual song and require them to download the entire album, even if they only wanted to access a single song.

Cryptomator is another app that works similarly, encrypting data and storing it on Google Drive, allowing decryption only by other devices that have the same access via Cryptomator. One difference here is that Cryptomator also has Android and iOS apps, which helps increase the versatility of your encryption.

Make sure you pick strong passwords for your accounts. Research suggests that changing passwords too frequently is a bad thing, so if you already have a strong and unique password for your Google account, consider investing in additional layers of security instead.

What is your preferred way of encrypting files and folders on Google Drive? Did I leave any techniques out, or do you have anything to share? Please drop a comment in the section below! I take the time to read and reply to every comment I receive, and it would be great to get a conversation started on this topic to help others.

All files uploaded to Drive or created in Docs, Sheets, and Slides are encrypted in transit and at rest with AES256 bit encryption. For additional confidentiality, your organization can allow you to encrypt Drive, Docs, Sheets, and Slides files with Workspace Client-side encryption. Encrypted files have some limitations from standard files. You can also upload any Drive file types like PDFs and Office as encrypted Drive files.

I recently got a pic built for me by my uncle and I took all my actions the .atn and all my other Photoshop file that I had stored on my old PC and put them in my external hard drive to back them up. The problem is it will not let me take them off the external hard drive now and into the new computer it keeps saying I don't have permission to do so even though I've changed the permissions already....

I'm not sure what this is but it shows that the only certificate for the files is from my old PC is there a way to give it a certificate from my new PC or give my new PC the certificate from the old PC and if so would this possibly fix the problem

Certificates are designed to be highly secure, and unrepeatable. If lost, the certificate and files are gone forever. However, there may be a recovery certificate on the old computer. This is something to check with the maker of your security software, we are way outside our comfort zone here and it's nothing to do with Photoshop. I suggest you go back to your original PC and copy the files to a USB key. I suggested that before, I don't see why this should take more than a few minutes (unless the original machine is dust in which case so are these files). If you turn on disk security in future be sure to read all instructions and keep any backup certificates... I've been caught that way before.

The problem is: he has had all uploads encrypted with rclone and uses rclone mount. So far I have always copied files from one Drive user to another with the help of a self-made Google Apps Script. This does not copy physically, but only virtually. However, the owner of this virtual copy actually becomes the user who executed the app. This copy is not affected if the original is deleted or similar. This solution had the advantage that no traffic was generated and approx. 100 GB / minute (the larger the individual files, the more; the smaller, the more less) were copied (still, each copied file counted towards the 24-hour limit of 750 GB).

Do any of you have a suggested solution? If not, can I create a profile with the encrypted folder and a profile with my drive in rclone and then rclone copy from profile a to b? Or would rclone not decrypt on-the-fly but pass on the encrypted files 1: 1?

Do you have a solution?

Like: rclone processes the external list of files

or:

A possibility to move the correct files in the source into * one * central folder (but this is only possible during rclone mount). So you would need a program that looks for these files (i.e. processes the list) and then moves them

Now I have plenty accounts to do the copy job, as Google allows only 750 GB per 24 hours. All 20 accounts have reading access for the source and writing access for the destination.

Do I need to create a remote for every account or can I change it more easily after hitting the daily account upload limit?

What is the smartest way to go about ensuring that even if someone could steal my MacBook or iPhone, and also could have my login password, would not be able to use the files I have uploaded on iCloud?

Tip #1: Choose a very, very strong password and when you use it for the first time it'll give you the option to save the password in your Keychain. Once the password is saved in your Keychain it'll open automatically on your personal computer without the need to enter the password each and every time.

Thank you. Would that address the situation in which someone gains access to iCloud.com (not from my Mac)? In that case is the data on iCloud.com encrypted and they would not be able to do anything with it?

+if I need to add new files to the encrypted folder created as you describe, how do I do that? I would of course do it on my Mac then re-upload the encrypted folder to iCloud, but how do I add files to that encrypted folder?

If instead of fully encrypting the hard drive or encrypting the partition on which Windows is installed, I just encrypt a partition where I store my sensitive information, will it increase the chances of my data getting stolen(in comparison to the other alternatives) if my device gets stolen?

If you have a recovery partition in your disk, this one should not be encrypted, but you should encrypt all windows partition be them system or data if you want to be super safe, or only the sensitive data partition if you can accept that an attacker could find traces in temp or swap files.

The initial encryption time does not really matter IMHO. It happens only once. But 10 hours for 150 Gb seems rather weird. SATA disk io throughput should allow around 100Mb/s, so encrypting 150Gb should not exceed a couple of hours.

Encrypt the whole disk. The overhead is negligible, and you don't have to worry about someone stealing your computer and having all your data. And if you have to send your computer to repairs, you don't have to worry about stolen files or compromised applications.

Another benefit is that all data is encrypted by default, so you don't need to keep a mental process of copying sensitive data from the unprotected partition to the protected one. And if you need double protection, create a VeraCrypt volume and use it.

One benefit of encrypting only a partition vs the whole drive is that you can encrypt/decrypt the partition while using the system for other tasks, so you can encrypt it "on demand" so to say, but if you encrypt the whole disk it's decrypted every time you start up and authenticate the system.

3a8082e126