LLMpediaThe first transparent, open encyclopedia generated by LLMs

Cryptomator

Generated by DeepSeek V3.2
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Dropbox Vault Hop 4
Expansion Funnel Raw 56 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted56
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
Cryptomator
NameCryptomator
DeveloperSkymatic GmbH
Released15 January 2016
Latest release version1.9.2
Latest release date26 October 2023
Programming languageJava, Swift, Kotlin
Operating systemWindows, macOS, Linux, Android, iOS
GenreDisk encryption
LicenseGPLv3
Websitehttps://cryptomator.org/

Cryptomator. It is a free and open-source client-side encryption tool designed to provide transparent, on-the-fly encryption for files stored in cloud storage services. Developed by Skymatic GmbH, the software creates virtual encrypted drives that users can mount on their local systems, allowing seamless integration with services like Dropbox, Google Drive, and Microsoft OneDrive. By employing strong cryptographic standards, it aims to protect user data from unauthorized access by third parties, including the cloud providers themselves, without requiring users to trust the security of the remote servers.

Overview

The project was initiated to address privacy concerns inherent in using commercial cloud computing platforms, where data is often stored in plaintext on servers controlled by entities like AWS or Google Cloud Platform. Unlike full disk encryption solutions such as VeraCrypt, Cryptomator is specifically optimized for the synchronization and file-sharing workflows typical of cloud storage, creating an encrypted vault within the user's synchronized folder. Its development philosophy aligns with the principles of the free software movement, ensuring that its codebase is publicly auditable and modifiable. The software has gained recognition within the information security community for its practical approach to enhancing data privacy in an era of pervasive cloud adoption.

Features

A primary feature is the creation of a virtual encrypted filesystem that appears as a standard folder on the user's operating system, compatible with platforms including Windows, macOS, and various Linux distributions. It utilizes the WebDAV protocol on desktop systems to provide a mounted drive experience, while its mobile applications for Android and iOS offer direct file access. The software supports filename encryption to obfuscate metadata, and it employs AES with 256-bit keys in Galois/Counter Mode for file contents. Integration is designed to be seamless with major cloud clients, avoiding conflicts with services like Google Drive for desktop or Dropbox's own synchronization mechanisms.

Architecture

The architecture is client-based, meaning all encryption and decryption operations occur locally on the user's device before any data is transmitted to a remote service like Microsoft Azure or Amazon S3. It structures an encrypted vault using a dedicated directory containing encrypted files and a master key file. The system relies on SQLite databases to manage file metadata and directory structures in an encrypted state. For cryptographic operations, it leverages well-established libraries, including the Bouncy Castle cryptographic provider. This design ensures that the cloud storage provider only ever handles ciphertext, aligning with a zero-knowledge architecture where the service has no access to encryption keys.

Security model

Its security model is based on transparent end-to-end encryption, where the user's password, processed through scrypt for key derivation, protects the master key. The master key is then used to encrypt individual file keys, following a design pattern inspired by concepts in public-key cryptography. All cryptographic primitives are selected from peer-reviewed standards, including AES-GCM for authenticated encryption and RSA for key wrapping in the vault configuration. The model is designed to resist threats from a compromised cloud storage provider, as well as attacks during data transmission over networks. The open-source nature of the project allows for independent audits by security researchers, a practice encouraged by organizations like the Open Source Initiative.

Usage

Typical usage involves installing the application, creating a new vault within a synchronized folder managed by a service like pCloud or Box, and setting a strong passphrase. Once unlocked, the vault behaves like a removable disk, allowing users to drag and drop files using their native file manager. It is particularly popular among journalists, activists, and businesses seeking to comply with data protection regulations such as the General Data Protection Regulation without abandoning convenient cloud workflows. The software also finds use in academic and research settings where sensitive data must be stored on platforms like institutional repositories.

Development and licensing

Development is led by Skymatic GmbH, a company founded in Siegburg, Germany, with contributions from a global community of open-source developers. The core desktop application is written primarily in Java, while the mobile apps use Swift for iOS and Kotlin for Android. The project is licensed under the GNU General Public License version 3.0, ensuring all derivative works remain free software. Funding is supplemented through a paid tier for the mobile applications on the App Store and Google Play, as well as donations, which support ongoing maintenance and feature development in line with the roadmap published by the development team.

Category:Free security software Category:Cryptographic software Category:Cloud storage