Your files in Google Drive, Dropbox, OneDrive, and iCloud are not private. They are accessible to the provider, to any employee with sufficient internal access, to any government that serves a valid legal process in the provider’s jurisdiction, and to any attacker who compromises the provider’s infrastructure. The encryption these services advertise – “encrypted at rest,” “encrypted in transit” – protects the provider’s liability, not your confidentiality.
Server-side encryption means the provider holds the keys. They encrypt your files on their disks to protect against physical theft of hard drives and to satisfy compliance checkboxes. But the encryption is transparent to their own systems. They can decrypt your files whenever they choose – and they do, routinely, for content moderation, AI training, legal compliance, and internal analytics.
Client-side encryption inverts this relationship. You encrypt files before they leave your device. The cloud provider receives only ciphertext – indecipherable bytes they cannot read, index, or analyze. They become a dumb storage layer, which is all they should have been from the beginning.
This guide walks through four practical approaches to client-side encryption for cloud storage, from the simplest to the most architecturally robust.
The Principle: Encrypt Before Upload
Every approach in this guide follows the same fundamental principle: encryption and decryption happen exclusively on your device. The cloud provider never sees plaintext, never holds keys, and cannot comply with a decryption request because they are architecturally incapable of decryption.
This is zero-knowledge architecture applied to file storage. The provider knows that you store data. They know how much. They may know when you access it. But they cannot know what it contains.
The practical requirement is a tool that sits between your files and your cloud sync client, encrypting everything transparently on write and decrypting transparently on read. The tool must handle filename encryption (because filenames themselves are data), directory structure obfuscation (because folder hierarchies reveal organizational patterns), and key management (because losing your key means losing your data permanently and irrecoverably).
Approach 1: Cryptomator – The Transparent Vault
Cryptomator is the most accessible tool for encrypting cloud-synced files. It is open-source (GPLv3), audited, and operates on a vault model that integrates with any cloud sync client.
How It Works
Cryptomator creates an encrypted vault – a directory that appears as a collection of encrypted files to your cloud sync client (Dropbox, Google Drive, OneDrive, etc.). When you unlock the vault with your password, Cryptomator mounts it as a virtual drive on your system. Files you place in the virtual drive are encrypted with AES-256 in real time before being written to the vault directory.
The architecture:
Your Files (plaintext)
↓ [write to virtual drive]
Cryptomator Engine (AES-256-SIV for filenames, AES-256-CTR for content)
↓ [encrypted ciphertext]
Cloud Sync Directory (Dropbox/GDrive/OneDrive folder)
↓ [sync]
Cloud Provider (sees only encrypted blobs)
Each file is encrypted individually, which means cloud sync clients can upload changes incrementally rather than re-uploading the entire vault when a single file changes. This is a critical advantage over container-based approaches like VeraCrypt.
Setup: Step by Step
1. Install Cryptomator. Download from cryptomator.org. Available for Windows, macOS, Linux, iOS, and Android. The desktop applications are free. Mobile apps are paid (a one-time purchase that funds development).
2. Create a vault. Open Cryptomator and select “Add Vault” > “Create New Vault.” Choose a name and select the location – this should be inside your cloud sync folder (e.g., ~/Dropbox/Vaults/ or ~/Google Drive/Encrypted/).
3. Set a strong password. Cryptomator derives the encryption key from your password using scrypt. The password is your single point of failure. Use a passphrase of at least 5-6 random words (Diceware method) or a 20+ character password generated by a password manager. Store the recovery key that Cryptomator generates – print it, don’t store it digitally.
4. Unlock and use. Click “Unlock Vault” and enter your password. A virtual drive appears in your file manager. Drag files into it. They are encrypted before they hit the cloud sync folder. When you’re done, lock the vault.
5. Sync across devices. Install Cryptomator on every device that needs access. The encrypted vault syncs through your cloud provider. Unlock it locally on each device with the same password.
Cryptomator: What It Protects and What It Doesn’t
Protects: File contents, filenames, directory structure (flattened into encrypted blobs).
Does not protect: The existence of the vault (the cloud provider can see that you have an encrypted vault), the total size of encrypted data, access timestamps, and the number of files (though the mapping between encrypted blobs and logical files is obfuscated).
Limitation: Cryptomator does not support file sharing. If you need to share encrypted files with collaborators, you need a different approach or must share the vault password (which is a security anti-pattern).
Approach 2: rclone crypt – For the Command Line
rclone is a command-line tool for managing cloud storage. Its crypt overlay adds transparent encryption to any supported backend – and rclone supports over 70 cloud storage providers.
How It Works
rclone crypt wraps a cloud storage remote in an encryption layer. When you copy files to the crypt remote, they are encrypted locally before upload. When you read from the crypt remote, they are decrypted after download. The underlying cloud storage only ever receives ciphertext.
The encryption uses NaCl SecretBox (XSalsa20 + Poly1305) for file content and AES-256-EME for filename encryption. Both are well-established, audited cryptographic primitives. For help choosing between encryption algorithms, see the encryption selection guide.
Setup: Step by Step
1. Install rclone.
# macOS
brew install rclone
# Linux
curl https://rclone.org/install.sh | sudo bash
# Windows
winget install Rclone.Rclone
2. Configure your cloud storage backend. Run rclone config and follow the prompts to add your cloud provider (Google Drive, S3, Backblaze B2, etc.). This creates an unencrypted remote – call it gdrive: for this example.
3. Create a crypt overlay.
rclone config
Select “New remote,” name it gdrive-crypt, select “crypt” as the type, and set the underlying remote to gdrive:encrypted-vault (a subdirectory on your cloud storage). Choose “Encrypt filenames” and “Encrypt directory names.” Enter a strong password and a salt (or let rclone generate them).
4. Use the crypt remote like any other rclone remote.
# Upload encrypted
rclone copy ~/Documents/sensitive/ gdrive-crypt:documents/
# Download and decrypt
rclone copy gdrive-crypt:documents/ ~/Downloads/decrypted/
# Mount as a virtual filesystem
rclone mount gdrive-crypt: ~/mnt/encrypted-drive/ --vfs-cache-mode full
5. Back up your rclone configuration. The file at ~/.config/rclone/rclone.conf contains your encryption keys (derived from the password and salt you set). Losing this file means losing access to all encrypted data. Back it up to an offline medium – encrypted USB drive, printed paper copy, or a password manager’s secure notes.
rclone crypt: Advantages
- No GUI dependency. Scriptable, automatable, integrates into backup pipelines and CI/CD workflows.
- Any provider. Works with any storage backend rclone supports: S3, GCS, Azure Blob, Backblaze B2, SFTP, local disk, FTP, and dozens more.
- Mount support.
rclone mountcreates a FUSE filesystem that presents encrypted cloud storage as a local directory, with transparent encryption and decryption. - Deduplication-resistant. Because each file is encrypted with unique parameters, identical files produce different ciphertext. This prevents the cloud provider from deduplicating your data and inferring content similarity – a genuine privacy advantage, though it does increase storage usage.
rclone crypt: Limitations
- Configuration complexity. The command-line setup requires comfort with terminal operations and an understanding of rclone’s remote/overlay architecture.
- Key management is manual. You are responsible for backing up
rclone.conf. There’s no built-in key escrow or recovery mechanism. - Performance on mount. The FUSE mount can be slow for random-access workloads on large directories. It’s best suited for sequential operations (backup, restore, batch copy).
Approach 3: VeraCrypt – The Encrypted Container
VeraCrypt (successor to TrueCrypt) creates encrypted containers – single large files that, when mounted, appear as a virtual disk. This approach is well-established and well-audited, but it has significant limitations for cloud sync scenarios.
How It Works
VeraCrypt creates a file of fixed size (e.g., 1 GB, 10 GB) and encrypts it as a single container using AES-256-XTS (or Serpent, Twofish, or cascaded combinations). When you mount the container with your password, it appears as a drive. Files inside are encrypted and decrypted transparently.
Setup: Step by Step
1. Install VeraCrypt from veracrypt.fr. Available for Windows, macOS, and Linux.
2. Create a volume. Launch VeraCrypt, select “Create Volume,” choose “Create an encrypted file container.” Select the location inside your cloud sync folder. Set the size (you must choose upfront – the container is a fixed-size file). Select AES-256 encryption with SHA-512 hash. Set a strong password.
3. Mount and use. Select a drive letter or mount point, choose your container file, enter the password. The decrypted volume appears as a local drive. Add files as needed. Dismount when finished.
The Cloud Sync Problem
VeraCrypt containers interact poorly with cloud sync for one critical reason: the entire container is a single file. If you modify one small file inside a 10 GB container, the container’s modification timestamp and checksum change. Most cloud sync clients will re-upload the entire 10 GB file.
Some sync clients (Dropbox, partially) support block-level sync that can detect which portions of a large file changed and upload only the delta. But this behavior is inconsistent, undocumented, and not guaranteed.
When to use VeraCrypt for cloud storage:
- Small containers (under 500 MB) where full re-upload is acceptable.
- Archival use cases where you write once and rarely modify.
- Situations where you need hidden volumes (VeraCrypt’s plausible deniability feature, which allows a second encrypted volume hidden inside the first, unlockable with a different password).
When not to use VeraCrypt for cloud storage:
- Active working directories with frequent file changes.
- Large datasets where re-upload cost (time and bandwidth) is significant.
- Mobile access scenarios (VeraCrypt has no official mobile client).
Approach 4: Client-Side Encryption Architecture
For teams and organizations, the approaches above may be insufficient. They require each user to manage encryption independently, they don’t support key sharing or rotation, and they lack audit trails. A client-side encryption architecture addresses these requirements systematically.
Design Principles
A proper client-side encryption architecture for cloud storage follows these principles:
Key hierarchy. A master key encrypts file-specific data encryption keys (DEKs). Each file is encrypted with its own DEK. This allows individual file access without exposing the master key and enables granular key rotation (re-encrypt a single file’s DEK without re-encrypting every file).
Key wrapping for sharing. To share an encrypted file with another user, wrap (re-encrypt) the file’s DEK with the recipient’s public key. The file itself doesn’t need to be re-encrypted. This is the pattern used by age encryption and similar modern tools.
Metadata separation. File metadata (names, sizes, modification times, directory structure) is encrypted separately from file content. The cloud provider’s file listing reveals nothing about the logical structure of your data.
Zero-knowledge key management. The encryption keys are derived from a user-held secret (password, hardware key, or wallet signature). The server never holds key material in any form. Key derivation uses a memory-hard function (Argon2id) to resist brute-force attacks.
Implementation with age + rclone
For small teams, a practical implementation combines age (a modern encryption tool by Filippo Valsorda) with rclone:
# Generate age identity (private key)
age-keygen -o key.txt
# Encrypt a file for yourself
age -r age1yourpublickey... -o file.enc file.txt
# Encrypt for multiple recipients (team sharing)
age -r age1alice... -r age1bob... -o shared.enc document.pdf
# Decrypt
age -d -i key.txt -o document.pdf shared.enc
Wrap this in a script that encrypts files before passing them to rclone for upload, and you have a basic client-side encryption architecture with multi-recipient support.
Implementation with Tahoe-LAFS
For maximum resilience, Tahoe-LAFS (Least-Authority File Store) provides a distributed, encrypted storage system where data is erasure-coded across multiple storage nodes. No single node holds enough data to reconstruct any file, and all encryption is client-side. Tahoe-LAFS is conceptually aligned with what Stealth Cloud’s Stealth Drive aims to deliver in a more accessible package.
Comparison Matrix
| Approach | Ease of Use | Cloud Sync | Sharing | Filename Encryption | Open Source | Mobile |
|---|---|---|---|---|---|---|
| Cryptomator | High | Excellent | No | Yes | Yes | Yes |
| rclone crypt | Medium | Good | No | Yes | Yes | Limited |
| VeraCrypt | Medium | Poor | No | Yes (container) | Yes | No |
| age + rclone | Low | Good | Yes | Manual | Yes | No |
| Tahoe-LAFS | Low | Custom | Yes | Yes | Yes | No |
Key Management: The Hard Part
Every approach above shares a critical vulnerability: key loss equals data loss. Client-side encryption means no provider can recover your data if you lose your keys. This is a feature, not a bug – but it demands disciplined key management.
Key Backup Strategy
1. Password manager. Store encryption passwords and recovery keys in a reputable password manager (Bitwarden, KeePassXC, 1Password). The password manager itself should use a strong master password that you have memorized.
2. Offline backup. Print recovery keys and store them in a physically secure location (safe, safety deposit box). This protects against digital failures – ransomware, account lockout, device loss.
3. Shamir’s Secret Sharing. For critical keys, split them using Shamir’s Secret Sharing into N shares, any K of which can reconstruct the key. Distribute shares across trusted parties or locations. This prevents single-point-of-failure for key custody without requiring any single party to hold the full key.
4. Hardware security keys. For the highest security, derive encryption keys from a hardware device (YubiKey, Ledger, Trezor). The key material never exists on general-purpose computing hardware. This approach is more complex but eliminates software-based key extraction attacks.
Key Rotation
Rotate encryption keys periodically – annually at minimum, or immediately after any suspected compromise. For Cryptomator, this means creating a new vault and migrating files. For rclone crypt, reconfigure the crypt remote with a new password and re-upload. For age-based systems, generate a new keypair and re-encrypt DEKs.
Key rotation is operationally expensive with most tools. This is an area where purpose-built zero-knowledge platforms provide significant advantages through automated key hierarchy management.
Threat Model Alignment
Before choosing an approach, understand your threat model. Different approaches protect against different adversaries:
Against the cloud provider (internal access, compliance requests): All four approaches are effective. The provider sees only ciphertext.
Against an attacker who compromises your cloud account: All four approaches are effective. The attacker obtains encrypted blobs without keys.
Against an attacker who compromises your local device: None of these approaches help if the attacker gains access while your vault is mounted and unlocked. Defense here requires full-disk encryption, screen lock discipline, and endpoint security – not cloud encryption.
Against a state actor with legal compulsion power over the cloud provider: All four approaches are effective against the provider. But if the state actor also has compulsion power over you (to surrender keys), only VeraCrypt’s hidden volumes provide plausible deniability.
Against metadata analysis: Cryptomator and rclone crypt encrypt filenames and flatten directory structures. VeraCrypt hides everything inside a single container. But all approaches leak access patterns (when you access the vault) and volume size. True metadata resistance requires more advanced architectures like ORAM (Oblivious RAM) or onion-routed storage access.
The Architecture Stealth Cloud Is Building
The tools in this guide are effective but manual. They require users to understand encryption, manage keys, and maintain operational discipline. Stealth Cloud’s approach is to embed client-side encryption into the infrastructure layer itself – AES-256-GCM encryption via the Web Crypto API, key derivation from wallet signatures (no passwords to remember or lose), and zero-persistence architecture where encrypted data auto-shreds on configurable schedules.
The future of encrypted cloud storage is not a tool you install alongside your cloud client. It’s an architecture where encryption is the default, key management is invisible, and the provider is structurally incapable of accessing your data. Until that future arrives, the tools above are your best available options. Use them.