How to secure your cloud data with Cryptomator


If you use cloud storage solutions like Microsoft OneDrive, Google Drive, or Dropbox, you can keep your data secret with this tool.

Many people use cloud storage to store, share, and even back up their data online. If you use an up-to-date phone or PC, you will most likely end up with some gigabytes of cloud storage just by using a specific operating system. And the companies push you to use their storage so that you buy upgrades if you run out of space.

In general, that is OK. But people tend to save very private data in the cloud. And because encryption is not enabled or built into these services by default, you risk losing sensitive information in case of a data breach. We are talking about naked pictures, credit card information, internet account login data, or private crypto wallet keys. This information must stay private, and in this article, I am going to help you achieve that.

Why do you need security?

Many major companies have reported that they suffered attacks where user data was stolen. Therefore, you should care about data protection and security because it is obvious that companies cannot provide it on their own. If a hacker hacks your cloud provider and gets information about you, it is your problem. The provider will most likely be fine, but if your business plan gets stolen or pictures get leaked, your whole life can be destroyed.

What is Cryptomator?

Cryptomator is a free tool that runs on Windows, macOS, Linux, iOS, and Android. It encrypts your data before it is uploaded to the cloud. The program is provider-agnostic, meaning it works with any cloud service that uses a local folder system on a device.
The tool is backed and developed by the startup Skymatic GmbH, located in Bonn, Germany. The product is under active development; the latest release was on April 27, 2022.
The entire source code is available on GitHub under the GPLv3 license for FOSS. In 2017, an audit was performed on the crypto libraries. The result can be found here, though it may not reflect the current implementation anymore.
Financing comes from donations, sponsorships, and custom enterprise implementations for different businesses.

List of supported solutions (no particular order)

  • Dropbox
  • OneDrive
  • Google Drive
  • MEGA
  • pCloud
  • ownCloud
  • Nextcloud

Features

  • On-the-fly file encryption
  • File names are encrypted
  • Folder structure is obfuscated
  • 100% free and open-source
  • No account necessary, no data shared with any online service

How does it work?

Cryptomator creates a virtual folder on the device that you can use like any regular folder. When you unlock the folder with your password, you can access and modify data. Cryptomator encrypts and decrypts files on the fly. The write operation is atomic, meaning that either everything is written or, in case of a failure, nothing is. There won’t be unencrypted files on your disk at any point. Encryption is done with the AES-256 algorithm, which can be considered secure today. There are no reports available that the encryption was broken.

For more details about the security architecture, have a look at the following link.

In the following images, you can see the files and folders that Cryptomator creates. vault.cryptomator is the identifier to register a vault to the application. The d folder contains encrypted data which includes file and folder names.

Cryptomator folder and file structure
Content of Cryptomator data folder
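
The layout described above can be checked on the synced folder itself: anything saved next to the vault instead of into the unlocked virtual folder is uploaded unencrypted. The following Python check is an added example, not code from the Cryptomator project. Only vault.cryptomator and the d folder come from this article; the names masterkey.cryptomator and IMPORTANT.rtf, the .c9r/.c9s ciphertext suffixes, and the function names are assumptions, and the sample vault tree is constructed.

```python
import tempfile
from pathlib import Path

# vault.cryptomator and d/ are named in the article; the other names and the
# suffixes are assumptions about the current vault format (prefix match covers backups).
TOP_LEVEL_OK = ("vault.cryptomator", "masterkey.cryptomator", "IMPORTANT.rtf")
CIPHERTEXT_SUFFIXES = (".c9r", ".c9s")

def audit_vault(root):
    """Return a list of findings for the vault folder at `root` (empty list = clean)."""
    root = Path(root)
    findings = []
    if not (root / "vault.cryptomator").is_file():
        findings.append("missing vault.cryptomator")
    if not (root / "d").is_dir():
        findings.append("missing d/ data folder")
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if rel.parts[0] == "d":  # everything below d/ must be ciphertext
            if path.suffix not in CIPHERTEXT_SUFFIXES:
                findings.append(f"non-ciphertext file in data folder: {rel.as_posix()}")
        elif not (len(rel.parts) == 1 and rel.name.startswith(TOP_LEVEL_OK)):
            findings.append(f"file outside the vault structure: {rel.as_posix()}")
    return findings

def build_sample_vault(root, leak=False):
    """Constructed sample data: a fake vault tree with dummy contents."""
    root = Path(root)
    shard = root / "d" / "AB" / "CDEFGHIJKLMNOPQRSTUVWXYZ234567"
    shard.mkdir(parents=True)
    (root / "vault.cryptomator").write_text("constructed-placeholder")
    (root / "masterkey.cryptomator").write_text("constructed-placeholder")
    (shard / "q1w2e3r4t5y6.c9r").write_bytes(b"\x00" * 16)
    if leak:  # files saved into the cloud folder instead of the unlocked vault
        (root / "tax-return-2021.pdf").write_bytes(b"%PDF-")
        (shard / "notes.txt").write_text("plaintext dropped into d/ by mistake")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        clean = audit_vault(build_sample_vault(Path(tmp) / "clean"))
        leaky = audit_vault(build_sample_vault(Path(tmp) / "leaky", leak=True))
    return clean, leaky

if __name__ == "__main__":
    for label, result in zip(("clean", "leaky"), demo()):
        print(label, result or "OK")
```

Point audit_vault at the vault folder inside your cloud directory; every finding is a file your provider can read.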

The latest release is available on the Cryptomator homepage. Apps are available on Google Play, F-Droid, and App Store.

Unlocking a vault in Cryptomator on Windows

Create a new vault

  • Open Cryptomator and select Add Vault → Create New Vault
  • Choose a name and a storage location
  • Set a password and create an optional recovery key
  • The vault will be added to your dashboard and you can unlock it with the password

Add an existing vault

  • Make sure your cloud data is synced to your device
  • Open Cryptomator and select Add Vault → Open Existing Vault
  • Use the file explorer, navigate to the cloud folder, and find the vault.cryptomator file
  • The vault will be added to your dashboard and you can unlock it with the password

Adding vaults in Cryptomator on macOS

Workflow

  • Open a vault
  • Edit files
  • Lock vault

It is as simple as that to secure your cloud data!

Cryptomator provider selection on iPad

Alternatives

▶ Boxcryptor is similar to Cryptomator. The main differences are that Boxcryptor is not open-source, the free version only allows one cloud provider, but it has more features like sharing private data without sharing the password. Many comparisons found on the internet seem biased or not very accurate, so I suggest that you decide for yourself.

▶ VeraCrypt (fork of the famous TrueCrypt) offers strong encryption capabilities but has no cloud integration features like Cryptomator. You could replicate the Cryptomator workflow with VeraCrypt, but it would be far more complicated than with Cryptomator.

▶ OneDrive Personal Vault is a folder inside your OneDrive folder structure that is intended to store your sensitive data. Access requires additional authentication to restrict unwanted access which makes working with the vault more complicated than using Cryptomator.

Conclusion

If you care about security and privacy for your cloud data, you should give Cryptomator a try. It is very easy to use, it provides a good security enhancement, and it is completely open-source. I have used the product since 2017 and haven’t been disappointed once. If you like the work and product, consider supporting them with a donation.
