Cryptomator - Encrypt your Cloud Data Files on Linux

Figuring out a good path to security for your cloud data can be quite a challenge. Normally, the cloud is a very safe place for data, despite Fear, Uncertainty and Doubt (FUD) from those who might want to access their data everywhere anytime. But the security is a very problem so we need to use some tools or methods in other to prevent the risks. This is why you can use some tools like cryptomator to encrypt your data files.

How does cryptomator work?

Cryptomatoris a multi-platform transparent client-side encryption of your files in the cloud which works with Dropbox, Google Drive, OneDrive and any other cloud storage service which synchronizes with a local directory. It uses a passphrase to protect against brute-force attacks and the Advanced Encryption Standard (AES) method to encrypt your cloud data.

Cryptomator saves your data in a virtual drive called vaults which will be encrypted and secured with a passphrase. You can store these vaults on your local hard drive or cloud folder. When you create a vault, a master key is created into the vault folder. This key will help you to import the vault if you use another computer to synchronize your cloud data.

1) Installation

You can download cryptomator from their official download page. Deb , rpm and aur packages are available for Debian, Ubuntu, Redhat, CentOS and Arch Linux is available for  download. This article we are using PPA on Debian 9 to show installation steps.

# add-apt-repository ppa:sebastian-stenzel/cryptomator
 Cryptomator provides free client-side AES encryption for your cloud files. Create encrypted vaults, which get mounted as virtual volumes. Whatever you save on one of these volumes will end up encrypted inside your vault.
 More info:
Press [ENTER] to continue or ctrl-c to cancel adding it

Now you can update and install it

# apt update && apt install cryptomator 
Ign:1 stable InRelease
Hit:2 xenial InRelease 
The following additional packages will be installed:
 ca-certificates-java fonts-dejavu-extra java-common libopenjfx-java libopenjfx-jni openjdk-8-jre
 openjdk-8-jre-headless openjfx
Suggested packages:
 default-jre icedtea-8-plugin fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei
The following NEW packages will be installed:
 ca-certificates-java cryptomator fonts-dejavu-extra java-common libopenjfx-java libopenjfx-jni openjdk-8-jre
 openjdk-8-jre-headless openjfx

2) Encrypt your cloud files

To encrypt your files, launch cryptomator

You can create the vault into your cloud folder. In my case, it we will be dropbox. So, you will choose your cloud folder and enter the name of the vault

Then save the vault and enter a password to protect your vault

When you protect the vault, you need to enter the password you provided in order to access it and edit your files to encrypt

This will automatically open your vault but you will contend that the path of the vault is no longer the same as the one you created earlier. This is because cryptomator creates a virtual drive to protect the files presents into the vault with another path only accessible via the application and not directly via the GUI.

We can copy the files to encrypt. During the operation you have something like below with cryptomator

Now if we try to open the folder created into our cloud folder, you will not see the content because it is protected.

You can open the web page of your cloud application to check the content of your encrypted folder which is synchronized with your computer

So you can see that your files are not visible so it is protected. So, to access your files, you will need to launch cryptomator and unlock the vault.

3) Access your encrypted files from another computer

Now that you have secured your file, you need cryptomator in order to access the different files. So how can you access your files if you don't have your computer with cryptomator installed? Don't worry, you just need to install cryptomator, the cloud desktop application (dropbox in my case) to synchronize the file on the new computer. Now open cryptomator and choose open an existing vault

Now go to the synchronized cloud folder and choose the master key of the vault folder.

Now you can open the vault by entering the passphrase you use for the encryption

Now you can access your files. You can see that the virtual drive is mount

To permanently delete vaults from your system, you should go to the vault location in your file browser, so the cloud folder in our case and delete the folder that contains the masterkey.cryptomator file.

You can use Cryptomator to easily protect your cloud data. You can create as many vaults as you want, each having individual passwords. Note that you can't close cryptomator while a vault is unlocked. If you try to close the application while a vault is unlocked, the app is minimized.


Alain Francois 12:33 am

About Alain Francois

IT Linux administrator passionate of free and open source software, I work on Linux Systems since some years on installations and deployments of certain solutions. I like to share my experiences with a wider audience by training and conferences.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.