This article explains how to setup a Google Drive shared folder for multiple computers.
If you have not already setup Atakama on your computer you first need to follow the instructions in this link.
I. Locate your Profile ID
Click the Atakama icon in your system tray (Windows) or menu bar (Mac) to launch the Atakama Control Center by clicking the gear icon.
Select the Keys tab and take note of your Profile ID, which consists of four distinct words. All users will need each other’s Profile IDs to be able to share encrypted files with each other.
II. Configure Google Drive
Prior to configuring Google Drive:
i. You have setup Atakama.
ii. One dedicated team member (an administrator) has accessed Google Drive, created a new folder (this is the location where team members will save and access their encrypted files), and named the new folder (“Encrypted”).
iii. The new folder has been shared with the team.
iv. The folder should not contain any files.
Access Google Drive in your web browser.
Click “Shared with me”.
Click “Add to My Drive” in the context menu of the new “Encrypted” folder that has been shared with you.
Click on “My Drive” to confirm the folder is included in your list of available folders.
Click the Atakama icon in your system tray (Windows) or menu bar (Mac) to launch the Atakama Control Center by clicking the gear icon. Select the Cloud / Network tab.
Select Google Drive to launch the Cloud Storage window.
Click the login button to begin the authentication flow. A browser window will launch to allow you to login.
Once logged in, allow Atakama to access your Google Drive account.
Select the new folder (“Encrypted”) that was previously created and click continue.
Close the Cloud Storage window.
Proceed to Section III below for approvals and verification.
III. Approvals and verification
Atakama automatically detects the presence of other users in a shared location and will generate an “Access Request” for each user detected. The access requests allow you to specify who will have access to Atakama-encrypted files. Prior to granting access, and to prevent an attacker from attempting to spoof other user identities, Atakama requires verification of other users' computers.
Once you have received the Access Request, click the “Grant Access” button in the pop-up for each user who needs access to Atakama-encrypted files.
After you click on the Grant Access button you will need to enter the corresponding Profile ID (see Section I above for how to locate Profile IDs) in the “Verify ID” pop-up.
You will need to Grant Access and Verify IDs for each user. For example, if there are five users, each user will need to verify four other users.
(Optional) To manage the users that you have granted access to, click on the Sharing button for your designated sharing location within the Cloud / Network tab in the Atakama Control Center.
Click the Atakama icon in your system tray (Windows) or menu bar (Mac), click the gear icon, and click “Quit”.
IMPORTANT: Ensure all users have verified each other before adding any files to the Atakama folder.
OPTIONAL: Emergency Team Backup Devices
A team “emergency” backup can be used in the event of simultaneous loss of multiple keys. The emergency backup is created as though it were a separate team member, so you will need to dedicate one computer to function as the emergency backup.
Download Atakama to the designated computer and setup Atakama.
During the setup process, add at least 5 keys (“backup keys”). These can be mobile devices, including those already in general use by team members. You can also use keys-on-paper. Whichever keys you select, it is vital for the keys to be distributed so that a bad actor will be unable to access multiple keys.
Once setup is complete, from the Atakama icon in your system tray (Windows) or menu bar (Mac) open the Atakama Control Center and select the Keys tab.
Raise the number of keys required and click apply. We recommend a value of at least 3 keys, but no more than the total number of keys minus 2. For example, the value should be 3 if the total number of keys is 5. A higher value is more secure but is less redundant in the event of key loss.
The emergency backup must be granted access to the shared Atakama folder. Any files not shared with the emergency backup will not be protected by it, so you will need to follow the steps above for sharing a location with multiple computers.
If one of the emergency backup keys is lost, it must be replaced following these steps.
- When restoring access from the emergency backup computer:
Access the emergency backup and share the files in question with the users who require access.
You will need all the keys designated in Number 4, above, for approval.