16 byte nonce used during header payload encryption.Cryptomator uses AES-SIV to encrypt files as well as directory names and associates according to the ID.įile header encryption: In this layer, the file header stores certain metadata, which is needed for file content encryption. The directory ID for the root folder is special and always empty. Initially, each folder gets a unique identifier called the directory ID. When unlocking a vault, the KEK is used to unwrap (i.e., decrypt) the stored master keys.įile name encryption: In this layer, the file and directory names are first encrypted before storing. The encrypted keys are stored as integers or Base64 strings in a JSON file named masterkey.cryptomator, which is located in the root directory of the vault. Every vault has its own 256-bit encryption key, and both the keys are encrypted using RFC 3394 key wrapping with a KEK derived from the user’s password, using Scrypt. Master key derivation: This is the first layer of encryption and here, the master key is created for the file that is being stored in the vault. Figure 2: Cryptomator’s six layers of encryption and storage methods Whenever your file manager accesses files through this virtual drive, Cryptomator will process this request via the following six layers of encryption and storage methods. WebDAV is an HTTP based protocol, and Cryptomator will act as a WebDAV server accepting so-called loopback connections on your computer. If they are not available on your system, Cryptomator will fall back on WebDAV, as it is supported on every major operating system. Every time your files are accessed inside the virtual drive, Cryptomator will encrypt/decrypt them on-the-fly.Ĭurrently, Dokany (on Windows) and FUSE (on MacOS and Linux) are the frontends of choice. The encrypted files are decrypted and converted back to readable format using the master key. For every encryption, a master key is created and stored separately.
Cryptomator vault code#
The encrypted data is converted to unreadable code before storing it on the cloud, and no unencrypted copies are stored on the hard drive. Files are encrypted using a method called Transparent Data Encryption (TDE). This feature helps troubleshoot any error and makes Cryptomator more reliable in terms of data protection.Ĭryptomator creates a virtual drive (vault) to add, edit, and remove files, as is the case with just about any disk drive. Cryptomator also has a feature called Sanitizer, with which it is possible to scan for any corrupted files in the vault. This makes it a lightweight application that is easy to run on any computer or smartphone, reliably. It encrypts files and doesn’t care where you store them. Cryptomator uses transparent data encryption and makes it very easy to store data on any cloud. Users are not required to specify which cloud network to use. Just with a password, one can use the vault and store data on any cloud.
With it, you don’t have to deal with accounts, key management, cloud access grants or cipher configurations. In this way, the synchronisation client of your cloud storage provider knows exactly what needs to be uploaded and what doesn’t.Įase of use and reliability: The simplicity and ease of use is the key feature of Cryptomator. Compared to other disk encryption utilities, Cryptomator encrypts each file individually, and if you make any change to a file in your vault then that file is only encrypted after being changed. Individual file encryption: With Cryptomator, everything you put on the virtual hard drive is encrypted individually in the vault. You can work on this drive just as you would on a USB Flash drive, though the data will be encrypted and stored somewhere on the cloud – for example, on Google Drive. Cryptomator creates a virtual hard drive, which gets synchronised with the encrypted data on cloud storage, and that data can easily be accessed using the virtual drive.
Transparent encryption: With this type of encryption, you will not notice any difference when working with your files.
Listed below are some of the key features of this software. It requires Java 9 or a newer version to run on any system properly.
Cryptomator vault android#
Cryptomator supports Android 4.3 and iOS 10.0 on smartphones, and is also compatible with iPad and iPod Touch.
Cryptomator vault software#
In order to use the latest version of the client software on a desktop PC or laptop, you must have one of the supported operating systems, which include Windows 7, 8 and10 MacOS 10.11, 10.12, 10.13, 10.14 and 10.15, as well as TODO Linux. The Cryptomator client can run on any desktop PC, laptop or smartphone.
0 kommentar(er)
