Cryptomator is a free and open source client-side encryption solution for your cloud files
, available for Linux, Windows and Mac OS X, as well as iOS. An Android app is currently under development.
Cryptomator is advertised as being especially developed to encrypt your cloud files from services such as Dropbox, Google Drive, Mega and other cloud storage services that synchronize with a local directory.
Since the encryption is done on the client side, it means that no unencrypted data is shared with any online service.
Furthermore, you can use Cryptomator to create as many vaults as you want, each having individual passwords.
For the encryption, Cryptomator uses AES with 256-bit keys. For an extra layer of security, directory structures, filenames and file sizes get obfuscated, while the passphrase you set for encryption is protected against bruteforce attempts using Scrypt
. The Cryptomator security architecture
page has more information regarding its encryption / privacy.
I should also mention that Cryptomator uses WebDAV to mount the vaults and this causes some issues on Linux, like not being able to open LibreOffice files directly from the unlocked vault (although this didn’t occur in my test under Ubuntu 16.04) – bug report
. In the future, Cryptomator may switch
to FUSE on Linux and OS X to avoid such issues.
How to use Cryptomator
Let’s create your first vault using Cryptomator. Launch the application and click “+” to add a new vault, then browse the location where you want to create it.
For instance, if you want to create a folder called “Encrypted” in your Dropbox directory, select the Dropbox directory and enter “Encrypted” as the vault name, then click “Save”:
Then enter a password for the newly created vault and click “Create vault”:
Now to copy some files in your vault, you’ll need to unlock it, so enter your password and click “Unlock vault”:
After clicking “Unlock vault”, your unlocked vault (which is mounted via WebDAV) should open in the default file manager:
Any files you copy here are synchronized as encrypted with Dropbox (or whatever other cloud storage service you use).
Note that you can’t close Cryptomator while a vault is unlocked. If you try to close the application while a vault is unlocked, the app is minimized. To be able to close the application you need to re-lock the vault, by clicking “Lock vault”.
(binaries: 64bit only deb for Ubuntu / Debian, Windows and Mac OS X as well as a generic JAR executable)
Note that if you use the JAR file, you’ll need to install JRE 8 and the JCE unlimited strength policy files. That’s not required if you install the deb, because both JRE8 and the JCE unlimited strength policy files are bundled with the deb.
Arch Linux users can install Cryptomator via AUR
Cryptomator is also available for iOS
. An Android app is in development.