Tuesday, May 8, 2012

How to Encrypt and Share Items on Google Drive


This tutorial is based on Windows 7 and GPG4Win, but the basic idea can be translated to any operating system and GPG key manager. The goal is to be able to encrypt the contents of your Google Drive. There are numerous ways to do this. For example, you could make a TrueCrypt volume, but syncing this would be a nightmare. You could also use Visual Subst to map a Windows drive, then use TrueCrypt, but you'd still have the syncing issue.

So, we're going to use GPG. GPG is the "free" version of PGP, and it's just as good. You can get more info here. GPG is a public key encryption system. Basically, the way it works is that each user creates a key pair: one public key and one private key. The public key is published to a server where other users can access it. To encrypt something that only you can view, another user encrypts the document with your public key, and the only way to decrypt it is with the corresponding private key (you MUST protect your private key).

A couple of caveats: 
* You will not be able to "preview" documents. You will have to download them.

* You will not be able to search encrypted documents -- but neither will Google ;) 

* You can "Backup" your private keys and sync them with your smart phone if there's GPG software available for your phone (if you trust your smart phone OS not to phone home with it). This will enable you to still read files that people share with you. I currently use an Android device, and there is no up-to-date free GPG software. There is a program that costs <$3, but I did not test that.

* Setup is not tedious. I've purposely tried to include as much info about setup as I could think to include, so this post looks a bit long-winded; but it took me a total of 10 minutes to download and install the software, set up and publish my keys. Once you encrypt files a couple of times before sharing them, it will just become second nature.

The first step is (obviously) to set up Google Drive. As this is not a Google Drive Setup tutorial, I'm going to assume that you've gotten that far, and have a local Google Drive folder that's syncing.

The next step is to download and install GPG4Win, located here.

Once installed, open GPA (if you used the defaults during install, this will be under Start -> All Programs -> GPG4Win -> GPA). Now we're going to set up our keys. Go to the "Keys" menu and select "New key..."

You can leave the algorithm and key size set to the defaults. Enter your name and your email address, and a comment if you like. If you prefer, you can set your key to expire. In theory, this is a good idea, but it may not make sense for everyone to do this. Once the key is generated, it will show up in your Key Manager shown below:


Now we have to publish our key (otherwise no one will know how to encrypt the items they wish to share):


Once you select "Send keys..." the default server is fine. A couple of seconds later, your public key is published, and folks can share and encrypt stuff that only you will be able to see. (You'll need to be able to tell them your Key ID, which is in the first column in Key Manager, and the server where your key is located.)



So, now we've got our public key published. We're going to assume that someone you wish to share a file with has gone through something similar and has published their keys to the GPG key server. We need to download their public key into our key ring. Select the "Server" menu, then "Retrieve keys...". Enter their Key ID, and it should be imported.

Now let's say that there's a document that we want to encrypt and share with a single person. We first need to import that file into GPA. In the Key Manager, on the top toolbar, there's an icon titled "Files." Click it, and your File Manager Window will open:




Go ahead and click the "Open" icon, select the file you wish to encrypt, and click the "Open" button:


Once the file is open, if it's the only file, it should be highlighted. If not, highlight it and click the "Encrypt" button on the toolbar. You'll be prompted with another window where you can select the public key of the person you wish to share the file with:


Select their key, and click OK. By default, it will save the file in the same folder as the original, with the extension ".gpg". Here's what an encrypted file looks like in Notepad:


Don't worry. It didn't translate your precious document into Chinese and then send it off to China. Those characters are just the Windows way of translating extended ASCII characters.
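Those bytes are OpenPGP packets, and the first ones record which keys the file was encrypted to. The following is an added example, not part of the original post: a small Python check you could run on a ".gpg" file before it lands in your Google Drive folder, to confirm it really is a binary OpenPGP message and to list the recipient key IDs. The function names and the sample bytes are constructed for illustration; the packet layout follows RFC 4880.

```python
ENCRYPTED_DATA_TAGS = {9, 18}  # packets that hold the ciphertext itself (RFC 4880)


def read_header(data, pos):
    """Return (tag, body_start, body_len); body_len is None when open-ended."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (plaintext or ASCII armor?)")
    if first & 0x40:  # new-format header: tag in the low 6 bits
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + data[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(data[pos + 2:pos + 6], "big")
        return tag, pos + 2, None  # partial body length (streamed data)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 3:
        return tag, pos + 1, None  # indeterminate length
    size = 1 << ltype  # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(data[pos + 1:pos + 1 + size], "big")


def recipient_key_ids(data):
    """List the 64-bit key IDs a binary .gpg file is encrypted to."""
    ids, pos = [], 0
    try:
        while pos < len(data):
            tag, start, length = read_header(data, pos)
            if tag in ENCRYPTED_DATA_TAGS:
                return ids  # ciphertext reached; recipient packets come first
            if tag == 1:  # PKESK body: version octet, 8-octet key ID, algorithm
                ids.append(data[start + 1:start + 9].hex().upper())
            if length is None:
                break
            pos = start + length
    except IndexError:
        pass  # truncated file: fall through to the error below
    raise ValueError("no encrypted data packet found")


def constructed_sample():
    """Constructed bytes, not a real message: one PKESK packet, then tag 18."""
    body = b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01" + b"\x00" * 4
    pkesk = bytes([0x84, len(body)]) + body  # old format, tag 1, 1-octet length
    return pkesk + bytes([0xD2, 3]) + b"\x01\xAA\xBB"  # new format, tag 18


if __name__ == "__main__":
    print(recipient_key_ids(constructed_sample()))
```

GnuPG normally encrypts to a key's encryption subkey, so the ID reported here can be a subkey ID rather than the primary Key ID shown in the first column of Key Manager. A file that raises `ValueError` is not a binary OpenPGP message and should not be uploaded as if it were encrypted.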

If you want to encrypt files that only you can read at a later date, just encrypt them with your own public key (it should by default be in your keyring).

So, that's pretty much it. Again, as I said before, this isn't a Google Drive how-to. I'm going to assume that you know how to upload and share documents via Google Drive. Using the built-in access control that Google Drive provides (I have to safely assume that Google knows a little about access control and ensuring the folks you select to share the document with are the only ones able to actually see it), and GPG, you can safely encrypt and share documents in the "Cloud."