Cloud providers like Google Drive and Dropbox encrypt your data during transfer, but they do not always encrypt it while stored on their servers. This means the service provider could technically read your files.
I’m not suggesting that they actually do this, but it’s still something many people are understandably uncomfortable with especially during the recent fiasco on requests of backdoor to the customer data from the government.
Encryption Under Threat: The UK’s Backdoor Mandate and Its Impact on Online Safety - Internet Society
Weakening encryption not only undermines personal privacy but also jeopardizes national security and global cybersecurity standards.
internetsociety.org
The simple solution to this is to save your data locally, which might not be feasible for everyone. That’s why many people still rely on cloud storage for backups.
I am sharing the method that I use to encrypt my data during cloud storage ensuring that only I can access my data.
I use GnuPG (GNU Privacy Guard) for this process — it’s free, open-source, and surprisingly simple to use.
GPG lets you take any file or folder and lock it with a password so only you can open it.
You don’t need any technical background — just a few simple commands.
By the end of this tutorial, you will have a basic understanding of how to encrypt your files and upload them to the cloud protecting your privacy.
Installation
macOS
Using Homebrew.
Install homebrew here
brew install gnupg
echo "alias gpg='gpg2'" >> ~/.zshrc && source ~/.zshrc
Or with additional tools and GUI utilities (like GPG Keychain):
brew install --cask gpg-suite
echo "alias gpg='gpg2'" >> ~/.zshrc && source ~/.zshrc
Linux
Debian / Ubuntu
sudo apt install gnupg
Fedora
sudo dnf install gnupg
Arch Linux / Manjaro
sudo pacman -S gnupg
Windows
- Download the Gpg4win installer from: gpg4win.org
- Run the installer and follow the setup instructions.
- After installation, open Kleopatra (a GUI for GPG) or use the command line via cmd.
Verify Installation
gpg --version
Set the Default Algorithm for encryption (AES256)
AES-256 is a strong, modern encryption algorithm. Setting it as the default ensures all your files use the strongest protection automatically.
MacOS / Linux
echo "cipher-algo AES256" >> ~/.gnupg/gpg.conf
chmod 700 ~/.gnupg
chmod 600 ~/.gnupg/gpg.conf
Windows (in powershell)
mkdir "$env:APPDATA\gnupg" -ErrorAction SilentlyContinue
Add-Content "$env:APPDATA\gnupg\gpg.conf" "cipher-algo AES256"
Encrypt
Add your files to a folder and zip them using the command or via the quick actions:
We zip the folder first because GPG encrypts files, not directories.
zip -r foldername.zip foldername/
or compress to zip file using any software.
Then you can encrypt it with the below command
gpg --output foldername.gpg -c foldername.zip
Enter a passphrase to encrypt your files. Do not lose this passphrase — without it, decryption is impossible. Use a password manager and write it down somewhere safe that you can access later.
Tip: Use a long passphrase (3–5 random words). It’s easier to remember and harder to crack.
Check out this video on how to create a secure passphrase (so that they can't crack your encryption, you may wanna revisit when quantum computing breaks this! so maybe check on this after every 5 years):
Upload your encrypted file to the drive
You can now upload your encrypted file to your cloud provider without any worry!
Upload only the encrypted file (example: foldername.gpg).
Never upload the unencrypted zip file.
Decrypt
gpg --output foldername.zip -d foldername.gpg
Enter your passphrase to decrypt the zip file and extract them to view your files.
This will recreate your original ZIP file. Just extract it to get your files back.
Once your file is encrypted with GPG, nobody — not Google, not Dropbox, not even hackers — can read it without your passphrase. Thanks for reading — stay safe and encrypted!
Top comments (0)