Encrypted Cloud Storage with Cryptomator

Cryptomator works with cloud services that synchronize data with the cloud. The application uses AES encryption (256-bit) and encrypts not only files, but also filenames and directory structure. You’ll find downloads for Windows, macOS, Linux, Android, and iOS at https://cryptomator.org/. The latter are incompatible, more than a little bit.

You know that you can decrypt files you have encrypted on Windows, for example Android, because the software works on all platforms. When you configure the program for the first time, we recommend that you do this with the computer version. The setup is self explanatory.

For example, unlike VeraCrypt, Cryptomator does not work with one vault, but with several vaults. Each vault can hold as many files and folders as you want. No limit. Click the button in the lower left corner of the Start window add safe and then follow the wizard. Give this vault a name.

The tool then asks where to keep the safe. Cryptomator is specially designed to protect data in the cloud. Therefore, your goal is to specify a cloud service (Google Drive, Dropbox, OneDrive, etc.), but if you want, you can also store a vault locally on your computer’s hard drive. other location chooses. By other location you can also browse the sync folder of another cloud service.

After marking the location, you need to type a password. The program tells you if your password is strong enough, based on colored blocks. Encryption doesn’t make much sense with a bad password. The selected password must contain at least eight characters.

Remember this password, otherwise you will no longer have access to the files and there is only one possibility to reset the password: the recovery key. The option to generate a recovery key can be found at the bottom of the box where you enter the password of the vault. This key is a list of words that you should store in a safe place, for example in a password manager, on a USB stick, or by printing the key on paper.

Create as many cases as needed. If such a safe has not been unlocked yet and you access the content via the web interface, you will find meaningless files there. Therefore, never work in the safe’s folder without first unlocking it.

To find the real content, open Cryptomator, select the desired vault and use the button. Unlock† In this popup, you can select: save password allows this key to be stored in the system’s keyring. Then type the password and you will get a message that the safe has been unlocked.

This will open a virtual drive on the computer. If you can’t see it right away, use the command. show disk† On Windows, the drive is given a drive letter, just like an external hard drive or USB stick, and on macOS you can recognize the virtual drive by the name of the enclosure.

When you want to upload encrypted files, you have to drag the files to Cryptomator’s virtual drive. If you then lock the vault and look in this folder, you won’t be able to trace the files you just added via Cryptomator.

It is possible to change some properties of the vault in Cryptomator. For this, the safe must be closed. In the start window of the application select the vault and click the button at the bottom right: Case Settings†

on the tab General you can rename the vault and automate two things. You can get the vault lock automatically if you haven’t taken any action for a certain amount of time (default 30 minutes). And you can have the vault unlock automatically every time you start Cryptomator. You can also hide notifications that the vault is locked.

on the tab Connect You can always make the contents of the virtual disk read-only. That way no one can copy, modify or delete files.

Normally, the system itself assigns a drive letter to the virtual drive, but in this tab you can go to the option. port always assign a specific drive letter to be assigned to the virtual drive.

You use the third tab to change the password, save the recovery key, or recover the recovery key and password.

Contrary to what is written on the internet, the mobile versions are closed source and therefore not free. Only desktop versions of Cryptomator are open source. For Cryptomator and Cryptomator 2 you pay 11.99 Euros on the App Store and Google Play. You can download the apps for free and then try them with all their functionality for 30 days. After that, you can use read-only mode without paying.

According to Skymatic, a Bonn start-up, the encryption technology is open source, but the applications themselves are not. It’s not clear why the company differentiates between the desktop and mobile versions.

When a safe is opened, the button changes Case Settings on the home screen Case statistics† With this button, you can monitor how much data is read and written in real time.

Although Cryptomator’s emphasis is on online protection, it is a purely native application. The password is never sent over the internet, and Cryptomator will never leave unencrypted files on the hard drive, even if the files are mounted to the virtual drive.

The tool can discover vaults stored on other machines. If you switch to another computer, you can unlock encrypted folders on every Cryptomator installation.

On the Cryptomator main screen, change the order of different crates by holding them with the mouse pointer and dragging them up or down.

Of course, you can also delete a vault. To do this, the safe must be locked. On the start screen, right-click on the vault you want to get rid of and select the command to pick up† This does not actually delete the folder containing the files. All that has happened is that Cryptomator will no longer encrypt this folder. Use the system’s file manager to actually delete the files.

The password you set generates a KEK (Key Encryption Key): this is an encryption key that encrypts other keys. Changing the password changes the KEK, but the keys encrypted with the KEK remain the same.

In concrete terms, this means that your files will not be re-encrypted when you change the password. Also, you cannot replace a weak password with a stronger one. Cryptomator will deny it. If you want to protect files with a new, much stronger password, you’d better create a new vault and drag the data from the old to the new.

If you know how the desktop version works, you can work with the mobile versions as well. On iOS, Cryptomator works with the Files app to access encrypted data in this way.

An advantage of the iOS and Android versions is that the app supports biometric security, so you can access the safes not only with your password, but also with your fingerprint or facial recognition.

Many users start with Cryptomator without committing to a recovery key. No problem, you can do this later as long as you know the password.

Select a safe that is still locked from the home screen. Then click on the Vault settings button and use the tab there password† In this popup, click the button Show recovery key† Cryptomator first asks for the password of this vault. After entering this, you will be presented with a 40-word text field. This is the recovery key. You can copy this text to the clipboard and save it in a safe place and/or print it on paper.

Forgot the password to a safe? then go Case Settings and select in tab password for button reset password† Then you can paste or type the recovery phrase.

Also, Cryptomator has auto-completion of words. Type a few letters and choose the correct word from the suggestions. then you can tab or right arrow key Use it to autofill the word.

If the program accepts your recovery key, you must assign a new password to the vault. Cryptomator will not generate a new recovery key, it will remain the same.

In the program’s toolbar, use the gear to open the preferences. It allows you to display the icon of the program in the system tray or the application will start automatically with the system.

Finally, it is possible to watch the program in dark mode, but only if you have a supporter certificate. Such a certificate is a code you will receive by e-mail if you support the development of the product by depositing at least 15 euros.