When it comes to storing your files on services like Dropbox, Google Drive, and OneDrive, security and privacy has never been a strong point. Sure, some of these services encrypt your files, but it’s still their encryption. These companies have the power to decrypt customer data if needed. And not everyone trusts the cloud to be in control of the encryption process.
Cryptomator is an app that works with existing cloud services, to add zero-knowledge encryption to your cloud files. Since the software is open source, you can verify that it doesn’t contain any backdoors. It’s also free (mostly).
How to Set up and Use Cryptomator
Cryptomator’s software works on Windows, Mac, and Linux, in both 32 and 64-bit flavors. A Java version is also available, for cross-platform compatibility.
Using the software is fairly simple. By clicking the “plus” sign in the bottom-left corner, you can create a new vault. Cryptomator will ask for a filename, but it will actually create a folder. Create a vault (folder) in your cloud storage service, and all your encrypted files will be stored in this subfolder. Vaults are protected with a non-recoverable passphrase created by you.
You can even create a vault on a local or USB drive, for extra security for your non-cloud files. As long as the location is accessible to your operating system, Cryptomator can store encrypted files on it.
The next step is to unlock and mount the vault. This requires entering the password you set when creating the vault. You can also set a drive name and letter (or let Cryptomator choose one automatically).
When a vault is mounted, Cryptomator creates a virtual hard drive on your operating system. Any files you put in this drive will be encrypted to your vault location. The software works transparently in the background, encrypting and decrypting files as needed.
In my tests, I didn’t have any errors and everything seemed to work exactly as described.
The software has a slight performance impact when moving around files. It’s interesting that Cryptomator shows the throughput (in MiB/s) for the data being encrypted and decrypted. This can be helpful in estimating the time needed to process a large file.
Cryptomator for iOS
Cryptomator has an app for iOS, and apparently an Android one is in development. The iOS app costs $5. It works with the following services:
- Google Drive
- iCloud Drive
Integration with more cloud storage services is planned. WebDAV support extends the list somewhat to services like Box and ownCloud, but it’s more of a workaround.
The app can open photos, PDF documents, PowerPoint files, and even CR2 camera files. Some video files, such as MPG couldn’t be opened on my app. Regardless, I felt like the app was amazingly well polished. It worked about as well as the native apps for Dropbox and Google Drive, although a bit slower due to the decryption process.
Files can be uploaded directly from the app. Cloud files can also be shared by tapping the iOS share icon, with all the standard options such as email, send via text message, and share to Facebook.
There are a couple advanced settings. Touch ID is supported, so you can unlock your cloud storage vaults with your fingerprint. It can be selectively enabled for each vault, so if you want a vault to always require a password, you can do that. Auto-lock by default is set at one minute, but this can be changed anywhere from “instant” to 10 minutes.
Cryptomator claims to use AES encryption for all files. Files are stored separately, so that if a file changes, only the file needs to be uploaded (rather than the entire data set, in the case of disk encryption utilities like VeraCrypt).
The software also performs file size obfuscation. This adds a random amount of data to each file (up to 10% of the file size), so even if the size of a decrypted file is known, an attacker couldn’t match it to an encrypted file of the same size. It’s pretty neat, and the developers seem to have covered any potential security holes.
Full details are available on Cryptomator’s security architecture page.
Compared to Boxcryptor
There are stark differences between Cryptomator and Boxcryptor. For one, Cryptomator is free and open-source. That means you can look at the code and verify that it doesn’t contain any backdoors or vulnerabilities. There are clear security benefits to choosing Cryptomator due to the open-source nature. Also, even if development ceased tomorrow, the source code is already out there and could be continued.
Boxcryptor supports over 20 cloud storage services with their mobile app. Cryptomator only supports four, although you can connect to more with WebDAV. There are file sharing and group management features with Boxcryptor’s business plans. Boxcryptor also charges a yearly subscription fee. Finally, Boxcryptor requires you sign up for an account, which will not appeal to some people for privacy reasons.