Encrypted Dropbox/Box/GoogleDrive folder on macOS using gocryptfs

start-gocryptfs.sh

#!/usr/bin/env bash
set -euo pipefail

## encrypted files; script will create this. Put in a synced folder
ENCRYPTED_FOLDER="~/Dropbox/encrypted"

## mountpoint; script will create this. Should stay empty when not mounted!
## DO NOT PUT THIS IN A SYNCED FOLDER - DOING SO WILL SYNC UNENCRYPTED DATA
MOUNTPOINT="~/.local/cloudmount/Dropbox-Encrypted"

## NOTE: FUSE (macFUSE/osxFUSE) is required. https://osxfuse.github.io/
if ! [ -d "/Library/PreferencePanes/macFUSE.prefPane/" ]
then
   >&2 echo "macFUSE/osxFUSE is required, but not found"
   >&2 echo "NONFREE; install from https://osxfuse.github.io/"
   exit 123
fi

if !(touch /usr/local/bin/gocryptfs && rm /usr/local/bin/gocryptfs)
then
  >&2 echo "FATAL: can't write to /usr/local/bin"
  exit 1
fi

## build and install gocryptfs
repodir="${TMPDIR}/gocryptfs"
workdir="$(pwd)"
mkdir -p "${repodir}"

git clone https://github.com/rfjakob/gocryptfs.git "${repodir}"
cd "${repodir}"
./build-without-openssl.bash

if ! [ -x ./gocryptfs ]
then
  >&2 echo "FATAL GoCryptFS not built. Leaving '${repodir}' in place to investigate"
  exit 1
fi

cp ./gocryptfs /usr/local/bin
cd "${workdir}"
rm -R "${repodir}"

## set up the encrypted filesystem
>&2 echo "Setting up encrypted filesystem in ${ENCRYPTED_FOLDER}"
>&2 echo "!!! Choose a strong passphrase and record the master key somewhere safe !!!"
mkdir -p "${ENCRYPTED_FOLDER}"
mkdir -p "${MOUNTPOINT}"

gocryptfs -init "${ENCRYPTED_FOLDER}"
read -p "NOTE YOUR MASTER KEY, then press <Enter> to continue"
gocryptfs "${ENCRYPTED_FOLDER}" "${MOUNTPOINT}"

>&2 cat << EOM
Encrypted filesystem in '$ENCRYPTED_FOLDER'
   mounted to directory '$MOUNTPOINT'
   
To unmount: 'umount "$MOUNTPOINT"'
To remount: 'gocryptfs "$ENCRYPTED_FOLDER" "$MOUNTPOINT"'

!! PLEASE MAKE SURE YOU HAVE YOUR MASTER KEY STORED SAFELY
EOM