FAQ & Troubleshooting

Off-Migration Guide: Decrypt all Boxcryptor encrypted files

With Dropbox acquiring several key assets from Secomba GmbH, Boxcryptor will be discontinued and we will cease our service. All users and customers will be able to continue using the service until the end of their contractual term.

To migrate away from Boxcryptor, you will have to decrypt all your files to keep access to them.

If you are concerned that you might lose access to files encrypted by Boxcryptor you currently do not have physical access, we strongly recommend downloading the latest client software and exporting your keys as described here.

This way, even after your account has been deleted or the Boxcryptor service is shut down, you will be able to decrypt any files later on.

Migration Tips For Organizations

  • Administrators are able to export the keys of all users by clicking on each user and selecting EXPORT KEYS in the User Management.
  • Self-service key export for users is not allowed by default. This restriction can be lifted by enabling the Allow Key Export policy here.
  • If Master Key is enabled, the key export of an administrator account will include all keys of all users with an active Master Key. This enables overall access to all of the organization's files.

To decrypt your files, we strongly recommend using our Desktop applications Boxcryptor for Windows or Boxcryptor for macOS.

Alternatively, you can export your files via the context menu.

What happens if Boxcryptor goes out of business?

Boxcryptor has been designed in such a way that Boxcryptor continues to work even if the Boxcryptor servers are not available and you're still signed into Boxcryptor. If you want to take additional precautions for the event that the Boxcryptor servers would go permanently offline, you must have the following backups:

  • Exported key file
  • Boxcryptor installer file

When these files are available, you will always be able to access your encrypted files on your own on any supported operating system - without any connection to any server. The exported key file contains all encryption keys associated with your Boxcryptor account. Important: As new keys might be added over time by Boxcryptor's integrated key management (e.g. when sharing files with other Boxcryptor users), it is recommended to regularly export a new key file.

After installing Boxcryptor, you can use the exported key file to access your encrypted files using a local account. Learn more about exporting your keys and local accounts.

How to Create a Debug Log

What is a Debug Log?

A debug log captures all internal events while Boxcryptor is running. It can help us to track down issues with Boxcryptor, for example bugs and incompatibilities with other software.

Does a Debug Log Contain Sensitive Data?

When you create a debug log, sensitive user information - like password, encryption keys, or actual file content will not be logged.

Which Information Does a Debug Log Contain?

The debug log captures the following information.

  • User interaction such as button clicks and in-app navigation
  • File operations (including unencrypted filenames)
  • Current Boxcryptor settings
  • Communication with our servers and your cloud provider(s)
  • System information such as OS version or required frameworks

How Do I Create a Debug Log?

If you experience problems before you can even sign in, you can enable a debug log via console:

  • macOS
    • Open the terminal app.
    • Type open
    • Drag the Boxcryptor Portable.app into this window.
    • Add --args -d at the end of the command-line and execute it.
  • Windows
    • Open the command shell (Windows Key+R → type cmd → Enter).
    • Drag the Boxcryptor Portable.exe into this window.
    • Add -d and run the application.
  • Linux
    • Open Boxcryptor_Portable.sh with an editor.
    • Append -d behind ./java -jar ../../"Boxcryptor_Portable.jar".
    • Run Boxcryptor_Portable.sh with your terminal.

If you are already authenticated, you can enable Enable logging in the settings.

A debug log (debug.seclog) is generated and saved to the following location:

  • macOS: ~../Boxcryptor Portable.app/Contents/Java/.boxcryptor-internals/log/
  • Windows and Linux: ../Boxcryptor_Portable/Boxcryptor/app/.boxcryptor-internals/log/debug.seclog

What Should I Do With my Debug Log?

After you enabled debug logging and reproduced your steps, you can send us an email with the debug log and a description what went wrong.

If you already have created a support case, you can simply enter the case number into the email body and we will automatically link your case.

I Cannot Move a File to an Encrypted Folder

Moving files between differently encrypted folders or into a new encrypted folder always requires encrypting the files with the new folder key. Hence, Boxcryptor has to download the item, decrypt, encrypt, and upload the item again. This would present an obvious strain on your bandwidth. Since users might no expect this much data usage for a simple move/copy operation, we decided to disable the option to move and copy between encrypted folders.

This Application Requires a Java Runtime Environment

If you receive this error message when starting Boxcryptor Portable, there is a problem with your folder structure in the downloaded Portable compressed-file.

Inside the compressed-file of the Portable you find the Boxcryptor Portable executable and - on Windows and Linux - a folder named Boxcryptor.

We put everything you need to run Boxcryptor Portable into that compressed-file – including a Java Runtime Environment. Please make sure that you did not modify the extracted items.

USB Flash Drive Support

If you want to run Boxcryptor Portable on a USB flash drive, please consider the following table. It contains serveral working combinations of platforms and file systems:

|               | FAT32                  | NTFS                                      | HFS+                 | 
| ------------- | ---------------------- | ----------------------------------------- | -------------------- |
| Windows       | YES                    | YES                                       | YES (No Drag & Drop) |
| macOS         | YES (No Drag & Drop)   | YES (No Drag & Drop, mount as read-write) | YES                  |
| Linux         | YES                    | YES                                       | NO                   |
|               |                        |                                           |                      |

Where can I download Boxcryptor Classic?

Boxcryptor Classic is the predecessor of Boxcryptor which has been discontinued. It is not recommended to use Boxcryptor Classic because it is not supported anymore and does not work on the latest operating system versions.

If you’re an existing user of Boxcryptor Classic you can download it here and we recommend you to upgrade to Boxcryptor as soon as possible.

Download Boxcryptor Classic Portable for Windows here: https://www.boxcryptor.com/download/BoxcryptorClassicPortable_1.6.402.92.zip Supports Windows XP, Windows 7, Windows 8.1 and may work on Windows 10

Outdated Clients

We regularly release new versions of Boxcryptor with new features, better stability and overall improvements and retire outdated versions over time. On September 30 2018, the following versions have been retired:

  • Boxcryptor for Windows 2.22.706 and older
  • Boxcryptor for macOS 2.19.907 and older

When you try to use a retired version, you will not be able to use Boxcryptor and receive one of the following error messages:

This client is invalid or outdated. Please upgrade to the latest version.


The client id is invalid!


This is no secure connection


The remote certificate is invalid according to the validation procedure


Boxcryptor can't establish a secure connection to the Boxcryptor server.

Solution

Download and install the latest version of Boxcryptor from here. Afterwards you will be able to continue to use Boxcryptor.

If you still see the error message This is no secure connection, the problem lies elsewhere. Check out I Cannot Connect to the Boxcryptor Servers.

I am using Windows XP or Mac OS X 10.14 or earlier

Current versions of Boxcryptor require Windows 7 and later or macOS 10.15 and later. As all earlier operating system versions are not supported by Apple or Microsoft anymore, we recommend affected users to update their operating system to a newer version as soon as possible in order to stay safe.

Using unsupported operation systems poses a huge security risk. You really have to update your operating system for security-related use.

I cannot update to the latest version

Note: If you are using Windows, please look into I Cannot Update or Uninstall Boxcryptor first.

If for any reason you cannot update to the latest version and can't access your encrypted files anymore, you have the following options:

Boxcryptor Portable

Boxcryptor Portable does not require any installation and can be used to access and decrypt your encrypted files without administrator rights. Download Boxcryptor Portable here.

Key Export

You can export your keys from our server and use a local account to sign in to your outdated Boxcryptor version without requiring a connection to our servers. Learn more here.

I cannot sign in due to too many connected devices

Sign in to your account at boxcryptor.com and remove a device which is no longer needed. Then try again to sign in.

Cannot open some files

There may be situations where files appear to be inaccessible. This can have multiple reasons:

Boxcryptor Access Issues

On desktop some Applications or the file browser shows a message with Invalid parameter when trying to open a file.

  • Boxcryptor is eventually signed-in to a wrong account. → Check the account info in the Boxcryptor settings and compare it with the Boxcryptor permissions.
  • The user has no Boxcryptor permissions on the file. → Make sure the user has physical access to the shared file, has Boxcryptor permissions correctly set and the latest permission changes of the file have been synced. Learn how to set permissions here.

Filesystem Permissions Issues

Files are read-only or "permission denied" is displayed. Change files system permissions so your user can (physically) access them.

Sync Issues

"Bad padding" issues, empty physical files or inaccessible folders due to an empty Folderkey.bch file.


File open shows "Found invalid data while decoding" and the .bc file is empty.


Folder cannot be opened "Found invalid data while decoding." is displayed in the permission settings.

There has been an incompatibility with Dropbox in the past that could create "broken" content for smaller files because Dropbox did not sync the last file change.

  • restore an older version of the corrupted file via the file history of your cloud storage provider.
  • for folder issues, delete the empty Folderkey.bch file and re-encrypt the folder.

Known Limitations

Editing Files

Boxcryptor Portable has limited support for editing files: Changes to files are not tracked automatically by the Boxcryptor Portable. If you open a file, change the content, and save it, Boxcryptor Portable cannot synchronize these changes. Instead, to edit a file, you must first store the file locally, for example on your desktop. After saving your changes, you can manually re-upload the file to your provider.

For that reason, we do not recommend to use Boxcryptor Portable if you plan to work with your files regularly. Consider installing Boxcryptor for Windows or Boxcryptor for macOS for this purpose.

Limited Support for Cloud Providers with Enabled Two-factor Authentication (2FA)

Due to technical incompatibilities, adding cloud providers with 2FA enabled may not work as expected when using Boxcryptor Portable. To fix this, you can temporarily disable 2FA in the security settings of the cloud storage provider before linking it to Boxcryptor Portable.

There is a File Called FolderKey.bch in my Cloud Storage. What is This?

Boxcryptor creates a FolderKey.bch file when a folder is encrypted. It contains encryption metadata for its parent folder and helps Boxcryptor to maintain the encryption hierarchy. This file is not visible within the Boxcryptor drive.

Does it Leak Sensitive Information?

The FolderKey.bch does not contain any sensitive information. Only .bc files contain sensitive information — and these are encrypted.

What Happens When I Lose it?

Dont't worry, you will not loose any data or access to files. All crypto-required information is stored directly within your encrypted *.bc files.

The downside of losing that file is that Boxcryptor no longer perceives the parent folder as encrypted. As a consequence, new files in this folder will not inherit the encryption setting.

There is a File Called .bclink in my Cloud Storage. What is This?

The file helps to verify the account when linking accounts to use features like Whisply.

If the file doesn't exist, the user either used a different account for linking or the sync client is not turned on/syncing.

Does it Leak Sensitive Information? Can I delete it?

The file does not contain any sensitive information. It is not necessary and can also be deleted. However, it may be generated again automatically.

Recover Account Access if Second Factor (2FA) is Lost

In the case of a lost second factor for the two-factor authentication (2FA) such as an authenticator app, your mobile device in total, your security key or other hardware, you will no longer be able to sign in to your Boxcryptor account.

Ways to recover access to your account:

Re-apply the secret key from your initial setup

If you still have your secret key from the initial Authenticator App setup, you can just re-add it to your authenticator app of choice. Next to the QR Code scan method these apps usually provide a "manual" way to add a Time-based One-time Password (TOTP) account.

For reference, the secret key looks similar to:

mzwe wocd mj3d qr3f njjw g2cm grqw cvli

Use a device code

If you are still recently signed-in in Boxcryptor for Windows or Boxcryptor for macOS, You can use these devices as a second factor instead.

The second factor authentication screen will then provide you with the extra option "Use Device Code". Upon clicking on it, our apps will provide you with a temporary 8-digit pin, that will be valid for 5 minutes.

Please ensure that your Boxcryptor client is up-to-date before. You can always download the latest version here.

Also, make sure the Boxcryptor client is started and unlocked before requesting a device code.

Use a backup code

Once you set up your second factor, backup codes will be generated and presented to you. You can use these one-time codes instead of your second factor.

If you run out of one-time codes, you can regenerate new codes here.

None of the above methods apply

If you are still unable to access your account, you can also contact us to disable the two-factor authentication.

However, we need clear evidence that you are the legitimate owner of this account.

The identification will be done via video live chat, you will need the following things:

  1. A device with a browser installed and a working camera.
  2. An identification of your person (ID card, passport or driver's license).
  3. The valid e-mail address of your Boxcryptor account.

To pick an appointment, please visit our Booking Page.

Please provide a valid e-mail address, since it will be used for a calendar invite, further instructions and a meeting join link.

As a video chat platform, we use Microsoft Teams. You do not need a user account there. On desktop computers, a modern browser (Chrome, Edge or Safari) is sufficient. For other browsers or mobile devices, you might have to download the Microsoft Teams App:

iPhone & iPad: https://apps.apple.com/app/microsoft-teams/id1113153706 Android: https://play.google.com/store/apps/details?id=com.microsoft.teams Desktop: https://www.microsoft.com/en-us/microsoft-teams/download-app

Invalid Authenticator App Codes

If you are unable to generate a valid code despite the authenticator app working, this is most likely due to a different time on one of the systems involved.

Since these TOTP codes are only valid for 30 seconds, deviations from real time of just a few seconds can lead to registration problems.

You can check the synchronization on all participating devices by visiting the following website: https://time.is

If the time difference is more than a few seconds, we recommend that you set up the automatic time synchronization of your devices or, if necessary, perform a new one.