FAQ & Troubleshooting

Off-Migration Guide: Decrypt all Boxcryptor encrypted files

With Dropbox acquiring several key assets from Secomba GmbH i.L., Boxcryptor will be discontinued and we will cease our service. All users and customers will be able to continue using the service until the end of their contractual term.

To migrate away from Boxcryptor, you will have to decrypt all your files to keep access to them.

If you are concerned that you might lose access to files encrypted by Boxcryptor you currently do not have physical access, we strongly recommend downloading the latest client software and exporting your keys as described here.

This way, even after your account has been deleted or the Boxcryptor service is shut down, you will be able to decrypt any files later on.

Migration Tips For Organizations

  • Administrators are able to export the keys of all users by clicking on each user and selecting EXPORT KEYS in the User Management.
  • Self-service key export for users is not allowed by default. This restriction can be lifted by enabling the Allow Key Export policy here.
  • If Master Key is enabled, the key export of an administrator account will include all keys of all users with an active Master Key. This enables overall access to all of the organization's files.

To decrypt your files, we recommend using our Desktop applications Boxcryptor for Windows or Boxcryptor for macOS.

If you cannot access your files on these platforms, you can also copy and paste your encrypted files and folders to your iPhone or iPad using the Files-app.

What happens if Boxcryptor goes out of business?

Boxcryptor has been designed in such a way that Boxcryptor continues to work even if the Boxcryptor servers are not available and you're still signed into Boxcryptor. If you want to take additional precautions for the event that the Boxcryptor servers would go permanently offline, you must have the following backups:

  • Exported key file
  • Boxcryptor installer file

When these files are available, you will always be able to access your encrypted files on your own on any supported operating system - without any connection to any server. The exported key file contains all encryption keys associated with your Boxcryptor account. Important: As new keys might be added over time by Boxcryptor's integrated key management (e.g. when sharing files with other Boxcryptor users), it is recommended to regularly export a new key file.

After installing Boxcryptor, you can use the exported key file to access your encrypted files using a local account. Learn more about exporting your keys and local accounts.

Boxcryptor does not show up in Files app

In some cases, Boxcryptor is not shown directly in the Files app after installation.

Activate location You may have to edit your Locations list to activate your Boxcryptor Location. Press Help macOS Button More -> Edit Sidebar -> Toggle on the Boxcryptor Location.

Use self-signed Certificates for Cloud Provider

Connecting to self hosted WebDAV or Owncloud / NextCloud instances with self-signed certificates does not always work out-of-the-box.

For Boxcryptor to connect to your server, you must install your self-signed certificate on your iPhone / iPad. For more information how to install it, please see here.

For more information on certificate requirements, check apple's specification here.

If you own the domain, you can instead create a free and trusted certificate. For more information, see Authorities such as Let's Encrypt.

I Cannot Move a File to an Encrypted Folder

Moving files between differently encrypted folders or into a new encrypted folder always requires encrypting the files with the new folder key. Hence, Boxcryptor has to download the item, decrypt, encrypt, and upload the item again. This would present an obvious strain on your bandwidth. Since users might not expect this much data usage for a simple move/copy operation, we decided to disable the option to move and copy between encrypted folders.

Where can I download Boxcryptor Classic?

Boxcryptor Classic is the predecessor of Boxcryptor which has been discontinued. It is not recommended to use Boxcryptor Classic because it is not supported anymore and does not work on the latest operating system versions.

If you’re an existing user of Boxcryptor Classic you can download it here and we recommend you to upgrade to Boxcryptor as soon as possible.

Boxcryptor Classic for iOS is not available on in the App Store anymore.

Outdated Clients

We regularly release new versions of Boxcryptor with new features, better stability and overall improvements and retire outdated versions over time. On September 30 2018, the following versions have been retired:

  • Boxcryptor for Windows 2.22.706 and older
  • Boxcryptor for macOS 2.19.907 and older

When you try to use a retired version, you will not be able to use Boxcryptor and receive one of the following error messages:

This client is invalid or outdated. Please upgrade to the latest version.


The client id is invalid!


This is no secure connection


The remote certificate is invalid according to the validation procedure


Boxcryptor can't establish a secure connection to the Boxcryptor server.

Solution

Download and install the latest version of Boxcryptor from here. Afterwards you will be able to continue to use Boxcryptor.

If you still see the error message This is no secure connection, the problem lies elsewhere. Check out I Cannot Connect to the Boxcryptor Servers.

I am using Windows XP or Mac OS X 10.14 or earlier

Current versions of Boxcryptor require Windows 7 and later or macOS 10.15 and later. As all earlier operating system versions are not supported by Apple or Microsoft anymore, we recommend affected users to update their operating system to a newer version as soon as possible in order to stay safe.

Using unsupported operation systems poses a huge security risk. You really have to update your operating system for security-related use.

I cannot update to the latest version

Note: If you are using Windows, please look into I Cannot Update or Uninstall Boxcryptor first.

If for any reason you cannot update to the latest version and can't access your encrypted files anymore, you have the following options:

Boxcryptor Portable

Boxcryptor Portable does not require any installation and can be used to access and decrypt your encrypted files without administrator rights. Download Boxcryptor Portable here.

Key Export

You can export your keys from our server and use a local account to sign in to your outdated Boxcryptor version without requiring a connection to our servers. Learn more here.

I cannot sign in due to too many connected devices

Sign in to your account at boxcryptor.com and remove a device which is no longer needed. Then try again to sign in.

Cannot open some files

There may be situations where files appear to be inaccessible. This can have multiple reasons:

Boxcryptor Access Issues

On desktop some Applications or the file browser shows a message with Invalid parameter when trying to open a file.

  • Boxcryptor is eventually signed-in to a wrong account. → Check the account info in the Boxcryptor settings and compare it with the Boxcryptor permissions.
  • The user has no Boxcryptor permissions on the file. → Make sure the user has physical access to the shared file, has Boxcryptor permissions correctly set and the latest permission changes of the file have been synced. Learn how to set permissions here.

Filesystem Permissions Issues

Files are read-only or "permission denied" is displayed. Change files system permissions so your user can (physically) access them.

Sync Issues

"Bad padding" issues, empty physical files or inaccessible folders due to an empty Folderkey.bch file.


File open shows "Found invalid data while decoding" and the .bc file is empty.


Folder cannot be opened "Found invalid data while decoding." is displayed in the permission settings.

There has been an incompatibility with Dropbox in the past that could create "broken" content for smaller files because Dropbox did not sync the last file change.

  • restore an older version of the corrupted file via the file history of your cloud storage provider.
  • for folder issues, delete the empty Folderkey.bch file and re-encrypt the folder.

There is a File Called FolderKey.bch in my Cloud Storage. What is This?

Boxcryptor creates a FolderKey.bch file when a folder is encrypted. It contains encryption metadata for its parent folder and helps Boxcryptor to maintain the encryption hierarchy. This file is not visible within the Boxcryptor drive.

Does it Leak Sensitive Information?

The FolderKey.bch does not contain any sensitive information. Only .bc files contain sensitive information — and these are encrypted.

What Happens When I Lose it?

Dont't worry, you will not loose any data or access to files. All crypto-required information is stored directly within your encrypted *.bc files.

The downside of losing that file is that Boxcryptor no longer perceives the parent folder as encrypted. As a consequence, new files in this folder will not inherit the encryption setting.

There is a File Called .bclink in my Cloud Storage. What is This?

The file helps to verify the account when linking accounts to use features like Whisply.

If the file doesn't exist, the user either used a different account for linking or the sync client is not turned on/syncing.

Does it Leak Sensitive Information? Can I delete it?

The file does not contain any sensitive information. It is not necessary and can also be deleted. However, it may be generated again automatically.

Recover Account Access if Second Factor (2FA) is Lost

In the case of a lost second factor for the two-factor authentication (2FA) such as an authenticator app, your mobile device in total, your security key or other hardware, you will no longer be able to sign in to your Boxcryptor account.

Ways to recover access to your account:

Re-apply the secret key from your initial setup

If you still have your secret key from the initial Authenticator App setup, you can just re-add it to your authenticator app of choice. Next to the QR Code scan method these apps usually provide a "manual" way to add a Time-based One-time Password (TOTP) account.

For reference, the secret key looks similar to:

mzwe wocd mj3d qr3f njjw g2cm grqw cvli

Use a device code

If you are still recently signed-in in Boxcryptor for Windows or Boxcryptor for macOS, You can use these devices as a second factor instead.

The second factor authentication screen will then provide you with the extra option "Use Device Code". Upon clicking on it, our apps will provide you with a temporary 8-digit pin, that will be valid for 5 minutes.

Please ensure that your Boxcryptor client is up-to-date before. You can always download the latest version here.

Also, make sure the Boxcryptor client is started and unlocked before requesting a device code.

Use a backup code

Once you set up your second factor, backup codes will be generated and presented to you. You can use these one-time codes instead of your second factor.

If you run out of one-time codes, you can regenerate new codes here.

None of the above methods apply

If you are still unable to access your account, you can also contact us to disable the two-factor authentication.

However, we need clear evidence that you are the legitimate owner of this account.

The identification will be done via video live chat, you will need the following things:

  1. A device with a browser installed and a working camera.
  2. An identification of your person (ID card, passport or driver's license).
  3. The valid e-mail address of your Boxcryptor account.

To pick an appointment, please visit our Booking Page.

Please provide a valid e-mail address, since it will be used for a calendar invite, further instructions and a meeting join link.

As a video chat platform, we use Microsoft Teams. You do not need a user account there. On desktop computers, a modern browser (Chrome, Edge or Safari) is sufficient. For other browsers or mobile devices, you might have to download the Microsoft Teams App:

iPhone & iPad: https://apps.apple.com/app/microsoft-teams/id1113153706 Android: https://play.google.com/store/apps/details?id=com.microsoft.teams Desktop: https://www.microsoft.com/en-us/microsoft-teams/download-app

Invalid Authenticator App Codes

If you are unable to generate a valid code despite the authenticator app working, this is most likely due to a different time on one of the systems involved.

Since these TOTP codes are only valid for 30 seconds, deviations from real time of just a few seconds can lead to registration problems.

You can check the synchronization on all participating devices by visiting the following website: https://time.is

If the time difference is more than a few seconds, we recommend that you set up the automatic time synchronization of your devices or, if necessary, perform a new one.

Why Is Boxcryptor “Files App First”?

With iOS 11, Apple introduced the Files app as the central hub and designated way to work with files on iPhones and iPads in 2021. Besides the default storage locations iCloud and "On my device", apps like Boxcryptor can integrate with the Files app and provide their own files and folders. At the same time, other apps can integrate the Files app in order to seamlessly work with exactly those files.

The Files app is a huge improvement for workflows spanning multiple apps to get your work done. Our mission and promise at Boxcryptor is and has always been to secure your files stored in the cloud.

Our mission is to become the service of choice for everyone who wants to secure files in the cloud. Today, cloud computing is part of our everyday lives and it is continuously changing and evolving. The influence that cloud computing has on our personal and business lives will have a lasting impact on our world. Therefore, data security in the cloud is of highest priority. Personal and sensitive information are valuable property that must be protected – today and always. Boxcryptor was born inspired by our passion for cloud computing security and our wish to find new solutions to make our lives a little easier and more secure. As we grow, we will continue to protect information across devices in the cloud and to develop services and solutions as needs and wants evolve.

This mission is our guideline when developing Boxcryptor now and in the future. Files app first is an important step on this journey and ensures that we continue to meet our customer's requirements in 2021 and beyond. You can learn more about the advantages of the Files app here.

Why Did You Remove Your Own File Browser?

On one hand, developing and maintaining your own files browser including all bells and whistles requires a huge effort, on the other hand it can never match the experience Apple is able to provide with the Files app due to its central and deep integration in iOS and other apps.

Focusing on the Files app integration allows us to provide a more clear user experience by having a single place to work with your encrypted files and also to opimize our development resources around our core value proposition: The best end-to-end encryption solution for cloud storages.

I Don’t Trust Apple, iOS or the Files App

Apple owns the hardware, the operating system, and all core apps running on your iPhone or iPad. It is impossible to develop a third party iPhone or iPad app which can protect data against Apple as an attack vector.

If you do not trust Apple, iOS or the Files app, the only real solution is not to use an Apple device. You should only use devices and operating systems which have your trust.

App security always relies on operating system security and operating system security always relies on hardware security. Thus, trust is inherited: Hardware must be trusted to trust the operating system. The operating system must be trusted to trust an app. If trust for the hardware or operating system are missing, this trust can never be restored by an app.

The new Boxcryptor app is as secure as the old one was. Even if you disabled the Files app integration in the old app, Boxcryptor – just like every app - always used functionality provided by iOS, e.g. to perform the actual encryption and decryption or to preview files within the Boxcryptor app. Files in the Boxcryptor app have always been exposed to Apple's software and hardware - regardless if the Files app integration was used or not.

Just like iOS, the Files app adheres to the highest standards for privacy and data security found in the industry. Other apps can only access files in the Files app if you explicitly opened a file. It is not possible that other apps secretly access your encrypted files in Boxcryptor via the Files app behind your back. You can learn more about the security of Apple platforms here.

I Don’t Trust Other Apps

By default, the Files app automatically opens a file in another app if it supports the file type. For example, Word documents will automatically open in the Word or Office app if it is installed.

If you have apps installed which you don't trust, the only real solution is to uninstall them. You should only install and use apps which have your trust.

If you do not want that a specific file opens in another app, you can use the Quick Look feature of the Files app to preview a file directly in the Files app. You can learn more about it here.