1

Assuming that someone has a Mac and uses FileVault 2 FDE (256-bit AES key) and uses the BoxCryptor (256-bit AES key) for the clouds like Dropbox/GDrive/etc and or some other folders.

FileVault 2 uses AES with 256-bit keys and FileVault 2 encrypt the FDE while the system is halted.

BoxCryptor uses AES with 256-bit key and from a search on the internet it uses CBC as block chipher. Also, BoxCryptor decrypt and encrypt on user demand. So, the user asks to decrypt it a file and the files are not auto-decrypted while the system is up like the FileVault2 (correct me if I am wrong about that by the way).

Also, both of them have a different public and private keys due to the fact the "initialized passwords" were completely different.

In this case,

Let's take the following example:

  1. User: Turn on the Mac and login into his account.
  2. FileVault 2: Decrypt the whole disk.
  3. User: Open the Boxcryptor and encrypt a file: textfile.txt on the "Dropbox" folder
  4. User: Ask the Mac to be shutdown.
  5. FileVault 2: Encrypt again all the files. So, it encrypts again the already encypted file: textfile.txt from the BoxCryptor.
  6. Mac: It is powered off.

Question:

When the User turns on the Mac again, and FileVault 2 decrypts all the disk files, Is it possible to harm the already encrypted BoxCryptor file textfile.txt which is located in the "Dropbox" folder ?

So, as you imagine, the question is about:

a double AES encryption with different keys and I think with different chipher blocks as well.

P.S. I dont know what chipher block FileVault 2 uses. Sorry. If someone knows about it, just edit the the question to provide more information about that.

P.S.2 Also, I saw a couple of good questions in the security.stackexchange about a double encryption, but all were quite general. They had answers like: Yep, it is secure, but what about the block chiphers? what about the Initianilation Vectors? Is the private key the same or different?
That's why I am writting the whole details about the encryption methods and I am focusing only in FileVault 2 and BoxCryptor and not in general encryption.

Greg
  • 317
  • 2
  • 5

1 Answers1

2

As Boxcryptor operates on the file level, it is totally fine to run it on top of an already encrypted file system (e.g. FDE, FileVault, BitLocker, True|VeraCrypt, etc.). A Boxcryptor encrypted file (with .bc extension) is just a regular file which can reside on any file system.

Robert F.
  • 51
  • 3
  • I think the answer would be better if it tries to explain some of the details that the OP is asking about. They seem to be missing some key understanding about encryption just working on bit streams. – Neil Smithline Feb 26 '16 at 14:44