Cryptomator Secures Your Cloud Storage Data (Open Source, Multi-Platform Client-Side Encryption Tool)

cryptomator

If you're looking for a cross-platform solution to encrypt your cloud storage files, I suggest you give Cryptomator a try.

Cryptomator is a free and open source software tool that provides client-side encryption for your cloud storage files, available for Windows, Mac, Linux, iOS and Android.

The tool, which is very easy to use, supports any cloud storage provider that synchronizes with a local directory, so it works with Dropbox, Google Drive (Google Backup and Sync or whatever Google calls it nowadays), OneDrive, ownCloud, and so on.

Because Cryptomator uses client-side encryption, it means your data is first encrypted and only then synchronized with the online cloud storage service, so no unencrypted data leaves your computer. Internally, Cryptomator uses WebDAV to provide the virtual, unencrypted drive, but FUSE integration is also in the works for Linux and Mac, and there's already a Cryptomator beta version which includes this. Update: Cryptomator 1.4.0 was released, and it includes support for FUSE on Linux and macOS, and  Dokany on Windows.

Using Cryptomator, you can encrypt your whole cloud storage, or only a few important, sensitive files such as documents or whatever you like. You can even create multiple vaults for a single cloud storage provider, so for example you can have a vault for personal use, as well as a vault that's shared with your colleagues, each with its own individual password.vailable on GitHub, but it's not recommended to be used by inexperienced users for security reasons.

While Cryptomator is designed to encrypt your cloud storage data, you don't have to use it with a cloud storage provider. The application can also be used to simply encrypt a folder on your system or some external drive.

You may also care about performance. The Cryptomator developers say that there's no limit on the size of a vault in both bytes or number of files, and the performance will not suffer significantly if you use some very large files. However, directory listing may get slow for cases in which the directory contains a large number of files (1000+).

So what about its security? Cryptomator encrypts both the file contents as well as filenames (the folder structure is obfuscated as well) using AES with 256-bit key length, while the passphrase is protected against bruteforce attacks using Scrypt, a password-based key derivation function (which is designed to be computationally intensive, so the attacker would need to perform the operation billions of times). You can read more about the Cryptomator security on its website.

In my opinion, a cloud storage encryption solution needs to be free and open source software, secure, multi-platform because, after all, we're living in a world where we need to access files on multiple devices, and be easy to use. And Cryptomator has all of these features.

Below I wrote how Cryptomator works, not because it's not easy to use (it is as easy as it gets), but so you can get an idea on what to expect before using it.

How to use Cryptomator on your desktop to encrypt your cloud storage data


The first time you run Cryptomator, you'll notice its very simple user interface with only 3 buttons - one to add a vault, a button to remove an existing vault and a settings button (you don't need to modify any settings unless unless you want to use WebDAV (and specify a different WebDAV scheme or port), enable debug mode or enable / disable checking for updates).

If possible, use the default volume type though - FUSE on Mac and Linux, and Dokany on Windows.

To get started, click the + button and select Create New Vault:

cryptomator how to use

Now browse for your cloud storage provider folder (for example your Dropbox folder), enter a name for your new vault and click Save:

cryptomator how to use

To be able to synchronize the data, make sure you select a folder inside your Dropbox, MEGA, ownCloud or whatever cloud storage you use.

Now enter a passphrase for your new encrypted vault (make sure you don't forget it as there's no way to recover the data without this passphrase) and click the Create Vault button:

cryptomator how to use create vault

When you want to open your encrypted vault, enter the password, click Unlock Vault...:

cryptomator how to use unlock vault

... and a new window of your default file manager should open, pointing to the Cryptomator safe location:

cryptomator webdav nautilus

Place any files that you want to encrypt in your cloud storage, in this FUSE / WebDAV location (depending if you're using FUSE or WebDAV in Cryptomator's settings). In the future, this is how you'll be able to access your files unencrypted.

If you check the files in your cloud storage, you'll notice they are encrypted.

Here's the end result on my system:

cryptomator encrypted vs unencrypted

On the left-hand side of the screen you can see the contents of the newly created encrypted vault called "crypt" which sits in my Dropbox folder. On the right-hand side of the screen it's the WevDAV / FUSE volume created by Cryptomator, which is mounted in Nautilus file manager, and contains a Documents folder which is not encrypted. The left and right folders have the same files, the difference being that my Dropbox folder contains only encrypted files (left), while I can easily access those files unencrypted (right) from my file manager.

You can also check out the official Cryptomator English desktop user manual.

Download Cryptomator



Update: with Cryptomator version 1.4.0, the downloads page offers an AppImage binary for Linux instead of DEB or RPM packages. There's also an Ubuntu / Linux Mint PPA, as well as an Aur package.

A Cryptomator JAR file is also available on GitHub, but it's not recommended to be used by inexperienced users for security reasons.

3 comments:

  1. Using Cryptomator on Linux Mint (I guess the same goes for Ubuntu) is problematic as the webdav connection doesn't work correctly. This is caused by the way the webdav connection is set up in Cryptomator, namely by using gvfs. Is there a solution for this besides trying to circumvent this problem by manually applying davfs?

    ReplyDelete
    Replies
    1. I use google-drive-ocamlfuse (https://github.com/astrada/google-drive-ocamlfuse), then use Cryptomator to create & manage the vault. Works in Ubuntu 16.04. Worth a donation. The vault is also accessible through Cryptomator Android, so it's a nice solution.

      Delete
    2. I'm not seeing any issues with Cryptomator on my Ubuntu 18.04 computer. A solution for those that have this issue is in the works, sort of... Like I mentioned in the article, FUSE integration is currently being tested for Cryptomator (available with version 1.4 beta) which apparently will solve / avoid some linux / mac problems.

      Delete