Store data securely in the cloud with Cryptomator
Secure Cloud
Cloud services often place little value on data encryption. With Cryptomator, you can easily and transparently encrypt your data locally before uploading to the cloud.
Cloud services provide a convenient and cost-effective alternative to local storage, especially for users who want to access their data from anywhere. However, many cloud providers do not pay sufficient attention to data security. They often store unencrypted data in the cloud as well as transferring the data without encryption. This paves the way for hackers to sniff for authentication data to access a cloud account and then spy on the data.
State institutions, such as intelligence services or investigative authorities, can also view this unprotected data. In addition, this kind of sniffing is often legal, especially in countries where data protection is of little importance. Cryptomator [1], a program developed by the German company Skymatic, puts a stop to this data espionage by encrypting your data transparently. Since Cryptomator's source code is licensed under the GPLv3, built-in backdoors are eliminated.
Strategy
Cryptomator works as a local server that processes the data to be encrypted on a virtual drive integrated by the Filesystem in Use (FUSE) module on Linux. If FUSE is not available, the software uses WebDAV instead. Cryptomator always encrypts the data with a 256-bit AES key and a MAC master key, generating the keys using scrypt technology [2]. In contrast to many other cryptographic programs, Cryptomator not only encrypts the file contents, but also their metadata. In addition, it changes the file size, which makes it difficult to draw conclusions about a file's content.
The software has an easy-to-use graphical front end that works with vaults where you store the data. The vaults match the directories to be synchronized with the cloud service; in other words, the front end must be connected to some kind of cloud storage. The files can be edited at will in the respective vault; encryption and decryption takes place practically in real time. The cloud service client then transfers the locally encrypted data to the server without transferring the keys.
Installation
Cryptomator provides the software for Linux as an AppImage, which means that it can be used on all current distributions without needing to retrofit any dependencies. For Ubuntu and its derivatives as of version 18.04 and for Arch Linux, the project provides separate repositories. For all other distributions, you first need to download the AppImage [3], which weighs in at around 55MB. The manufacturer asks for a donation of up to EUR25, but even if you choose not to donate, you can still download the application.
Note that Cryptomator only runs on computer systems with a 64-bit architecture. After downloading, assign execute permissions to the image. Then run it with the
./cryptomator-1.4.15-x86_64.AppImage
or just by clicking if you are using a file browser like Dolphin.
Getting Started
After starting the software, a two-part window without a menubar or buttonbar appears. The application is controlled using the three buttons located bottom left. Use the plus button to create new vaults, the minus button to remove existing ones from the interface, and the gear button to open a simple settings dialog, where you can define whether the software automatically checks for updates at startup and which function it uses to mount drives (Figure 1).
A click on the plus button opens a context menu in which you select + Create vault. Cryptomator displays the dialog for creating a new vault in an overlapping window, where you first define the vault's name and the directory in which the data are stored. Its name needs to match that of a cloud file directory. After pressing Save, the window closes. You are then prompted for a password for the vault in the main window. The color bar below indicates the password's strength.
After confirming the password by clicking on Create Vault, you will see the vault name and path in the left column. There is a closed padlock icon to the left. On the right, enter the password for the vault again and click on Unlock Vault.
Pressing the More options button takes you to further settings. You can enter your own drive options for mounting the device in an input field or tell the software to mount as read-only.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.