Encrypt data synced to OneDrive with Bitlocker

Hey there !

Long time no article, but now there is pretty nifting idea to enhance security of your public-storage files – if you worry that much 🙂

The high level steps are simple:
1) Create VHDX at OneDrive syncing location (or any other drive you want to use, shouldn’t matter)
2) Mount the drive
3) Enable Bitlocker Protection (Windows 10 Pro +)
4) Dismount the drive to enable syncing

Now, to the details.

1. VHDX creation and mounting

You can do it via Disk Management GUI. With Disk Management you go right-click on start, Disk Management, from there Action -> Create VHD. Such created disk will not be initialized nor formatted, so you need to right click disk, press Initialize disk, partition type, file system and finish. Here is Powershell oneliner to create 15GB disk. Note you can replace the bytes with formula: (GB * 1024 * 1024 * 1024 ). Note it requires HyperV installed (New-VHD cmdlet comes from there)

New-VHD -Path S:\OneDrive\TestEncryption.vhdx -Dynamic -SizeBytes 16106127360
| Mount-VHD -Passthru | Initialize-Disk -PartitionStyle MBR -PassThru
| New-Partition -UseMaximumSize -AssignDriveLetter |Format-Volume -FileSystem NTFS

With the above, you will get a new drive mounted.

2. Encrypt with Bitlocker

Right click your new disk and press “Turn on Bitlocker”. Following prompt will appear:

Capture

Get the password in, save your recovery key somewhere, as it will be your last resort when your key stops working and complete to encrypt the drive.

With the drive loaded onto OneDrive sync location, upload files directly to the new drive. After you are done, just dismount the drive – OneDrive (and possibly other sync clients) are unable to sync mounted disk.

Enjoy Bitlocker-Protected OneDrive 😉
Bitlocker2
Btw. Public cloud providers will hate you for that, as it breaks their deduplication on storage – encrypted data doesn’t deduplicate well 🙂

AlexP

NB. I was exploring the second option to use Smart Card (I own Yubikey one) – I was able to encrypt the drive once, but unable to get certificate detected when trying to unlock it. Let me know if you had more luck with it!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s