Boxcryptor alternative: Kerveros
Boxcryptor was the go-to client-side encryption layer for Dropbox, OneDrive, and Google Drive — until Dropbox acquired its key assets in November 2022. New signups closed, licenses ran out, and the product was wound down. If you relied on Boxcryptor to keep your cloud provider blind to your files, you need a successor. Here’s the honest pitch for Kerveros — and where it differs.
What Kerveros keeps from the Boxcryptor model
- Client-side encryption, always. Every file is encrypted with XChaCha20-Poly1305 (keys derived via Argon2id from a passphrase that never leaves your machine) before a single byte reaches the cloud.
- Encrypted filenames. The manifest mapping file IDs to names is itself encrypted — your provider sees opaque blobs, not “Q3-payroll.xlsx”.
- Desktop-native apps for macOS, Windows, and Linux. Signed builds (Apple notarization, Windows Trusted Signing), background auto-updates.
What Kerveros does differently
- You bring your own bucket. Boxcryptor layered on top of consumer sync services. Kerveros talks directly to S3-compatible storage — Tigris (5 GB free), Backblaze B2 (10 GB free), AWS S3, self-hosted MinIO. No middleman service that can be acquired and shut down underneath you.
- Your files never depend on a Kerveros server. They live in your own bucket and decrypt locally with your passphrase — there is no Kerveros service in the data path. Licensing is validated through Lemon Squeezy with a two-week offline grace, and even an expired license keeps read access — so the failure mode that ended Boxcryptor structurally cannot cut you off from your own files.
- Team coordination built in. Atomic locks prevent two people from editing the same file simultaneously, with a tamper-evident audit trail of every check-in and check-out.
- One-time purchase. €79 Personal / €299 Team, one year of updates included, optional €29/year renewal afterwards. No subscription.
Side-by-side
| Capability | Boxcryptor | Kerveros |
|---|---|---|
| Status | Discontinued (acquired by Dropbox, Nov 2022) | Active — v1.2.0, June 2026 |
| Client-side encryption | Yes (AES-256 + RSA) | Yes (XChaCha20-Poly1305 + Argon2id) |
| File-name encryption | Yes (optional) | Yes — always on, encrypted manifest |
| Storage backend | Consumer sync clouds (Dropbox, OneDrive, …) | BYOK — any S3-compatible bucket you control |
| Account / server dependency for your files | Yes — account required | None — files in your own bucket (license via Lemon Squeezy, 2-week offline grace) |
| Multi-user lock coordination | No | Yes — atomic S3 locks + audit trail |
| Mobile clients | Had iOS / Android (now defunct) | Not yet (desktop only) |
| Pricing | Subscription (no longer purchasable) | €79 one-time (€299 Team), no subscription |
Migrating from Boxcryptor
There’s no automated converter — Boxcryptor’s vault format needs Boxcryptor’s keys to read. The path is straightforward, though:
- Decrypt your files locally while your existing Boxcryptor install (or exported keys) still works.
- Create a bucket on any S3-compatible provider — the Kerveros onboarding wizard recommends Tigris (5 GB free, no card) and auto-fills endpoints for Backblaze B2, AWS S3, and MinIO.
- Drag the decrypted files into Kerveros. They’re re-encrypted on your machine — contents, names, and structure — before upload.
The 14-day trial is full-featured with no card required, so you can run the whole migration before paying a cent.
Bottom line
Boxcryptor proved the demand for provider-blind cloud storage, then its acquisition proved the risk of depending on a middleman service. Kerveros removes the middleman: your app, your bucket, your keys. Nothing to acquire, nothing to shut down.