Share Access to Files

One of the main reasons to use cloud storage is how easy it is to share files and that one can simplify remote group work. Boxcryptor allows you to stay secure while collaborating and sharing files with others.

What You Need to Know About Sharing Encrypted Files

For understanding how the sharing of encrypted files works, it is helpful to understand how programs handle unencrypted and encrypted files.

If you store an unencrypted file on your device or in the cloud, the program you store it with saves the file and the information inside. Such a file can be read or modified by anyone who has physical access. If you encrypt a file, however, the information inside the file is modified. For programs and humans the encrypted information is rendered useless. To decrypt the information again, you need a cryptographic key that translates the information back into its original state.

Therefore, sharing an encrypted file with somebody is like writing an email by poking around on your keyboard. The other person can read the information, but it is useless, since it does not have any semantic meaning.

As a consequence, there are two steps necessary to share an encrypted file:

  1. Share the file physically at your cloud provider. Please check your provider’s documentation on how to share files or folders with others.
  2. Share the cryptographic key in Boxcryptor. Boxcryptor uses a key for each file. The key is encrypted by your Boxcryptor account and is stored within the file itself. If you share the file with somebody, the key will be encrypted with the Boxcryptor account of the receiver and stored in the file as well.

7-6   Help Sharing Permission complete

Note: Every time you share a file, the file is modified. Keep in mind that it must be synchronized by your cloud provider. If you share access to multiple files, make sure that they are all synchronized completely.

Just as the inheritance of encryption properties, permissions are inherited from the parent folder as well. If you add a file to a shared folder, the persons who you shared the folder with can access the file now, too.

2-1 Help Inheritance

inline-no-border   Permission A Encrypted and permission to access for Alice

inline-no-border   Permission B Encrypted and permission to access for Bob

inline-no-border   Permission AB Encrypted and permission to access for Alice and Bob

Share Files With Boxcryptor Users: Permissions

If you want to share a file or folder with someone who uses Boxcryptor as well, follow these steps:

  • Ctrl-click the file or folderHelp macOS App Icon Manage Permissions.
  • Add the group or user you want to share the file or folder with.
  • Apply the changes.
  • Wait for the data to be synced to your cloud.
  • Make sure to also share access to your file or folder on your providers web interface.

If you have filename encryption activated, it is considered best practice to create a parent folder without filename encryption and share this folder physically at your cloud provider.

Sharing Data With Non-Boxcryptor Users: Whisply

If you want to share a file with someone who is neither using Boxcryptor nor the cloud, you can use Whisply. Whisply is a browser based secure file transfer service that we developed for this purpose. Please follow the guide of Boxcryptor and Whisply here.

Manage Groups

Groups are a powerful instrument for managing your users and their access rights. Manage your groups in your account when you sign in on our website here.

Please be aware that the group feature is only availabe with Boxcryptor Business and up.

Irreversible operations, such as rename, delete, or grant and revoke ownership are restricted to the owner of the group. You can set other members as owners and also remove ownership. Groups can have multiple owners.

Benefits of Groups

Besides sharing files with individual accounts, you can also share files with a group of users. If you share a file with a group, the cryptographic key will be encrypted with a group key and stored inside the file.

The benefits of groups are:

  • Central management: You do not need to click through all your files to see, revoke, or grant access to somebody.
  • No synchronization necessary: When you add or remove someone from a group, the changes are done on your machine and our servers only. Therefore it is much faster. Since the permissions within the files do not change, a consecutive file synchronization is not necessary.