cryptomator / cryptomator Goto Github PK

Two hints:

• Use scrypt (instead or additionally to PBKDF2) to increase bruteforcing cost on specialized hardware
• If using PBKDF2, move from PBKDF2WithHmacSHA1 (deprecated soon) to PBKDF2WithHmacSHA256 (check JCE requirements though!)

While a vault is unlocked, the mounted drive should not be unmountable by hand.

For example if you have the filenames

AAVJUNHEL4F6E6FEEQSTT26EE3BSVIH5LBJSM7WVI4======.aes
and
AAVJUNHEL4F6E6FEEQSTT26EE3BSVIH5LBJSM7WVI4====== (1).aes

because of sync conflicts, Cryptomator behaves in a weird way:

In the virtual (decrypted) drive, you won't see both files, but only one. In this case you would see the file readme.pdf, which is the decrypted filename of the example above.

Now if you delete readme.pdf (still in the virtual decrypted drive), it will only delete AAVJUNHEL4F6E6FEEQSTT26EE3BSVIH5LBJSM7WVI4======.aes on the encrypted side.

After locking and unlocking the vault, readme.pdf still exists and deleting that will cause the deletion of AAVJUNHEL4F6E6FEEQSTT26EE3BSVIH5LBJSM7WVI4====== (1).aes, which is probably the weirdest part.

It would be nice to display the encrypted folder as a package on Mac OS X, while still being compatible with other OS.

Changing drive name has no effect at all and changes back to original.

Would be great if we could have an option to launch Cryptomator on the Mac into the menu bar, so it doesn't sit in the Dock as well.

Great app btw :-) Thanks

You have to constantly move the cursor, when encrypting huge amounts of data. Otherwise it will just pause and eventually cancel.

Tested on Mint 64bit Cinnamon Vanilla + Cryptomator v0.5.0

Currently it's possible to change a password during an active WebDAV session.

This may result in unexpected behaviour

Updated to latest iOS and I have come across some issues, please feel to break this post into relevant issues.

*** Add existing file to vault (vault is unlocked prior) ***

Please note the above works perfectly with DropBox

*** Multiple Select ***
If you select more than 1 file there is no option to add to Cryptomator

*** Save a file to Cryptomator - ie. save a numbers document straight to the vault does not function correctly ***

*** Add an existing file from iCloud to Cryptomator. ie. if I already have numbers documents saved under the numbers folder in iCloud, I can not move/copy these to the vault ***

Please note the above works perfectly with DropBox

I hope that makes sense but please ask if you need me to explain further, thank you.

There are known vulnerabilities in CTR mode, if the data is not a multiple of the block size. A standard padding should be added to avoid these issues.

However be aware, that there might be (or have been) problems in different CTR implementations.

• bouncycastle vs JCE
• bugs.openjdk.java.net

If ejection failed (e.g. because the drive is already ejected), one should be able to force-lock a vault.

Yesterday I installed Cryptomator on my Windows 8.1 x64 notebook and everything went smooth.
Today I installed it on my business notebook with Windows 7 x64 Enterprise edition and the vault won't open/ mount.

It's an HP Folio 9470 with a fingerprint scanner.
The Windows event viewer gives me an "Validity USDK" error in the application log which should be related to the fingerprint scanner.

Apart from that there's no further error message or log entry.

Hallo! I miss a statement on the webiste under which license the binaries and the source code are published. Is it GPL version 3 (preferable, if possible). Anyway, it should be stated on the website in any case.

When Cryptomator is running in background and I start a second instance of Cryptomator, I expect the already running instance to show up.

Hello, I am just going to this project looks promising as I am doing research for AES.
Are you using Java8 parallelism for SMP ?

If you could give me some details, I can make small contribution by wiki..
Pl contact me [email protected]

Reported on MacBook Pro (Mid2010), running Yosemite.

At least on Windows. This is not a standard behaviour on OS X, where showing a context menu is totally sufficient.

While the data authentication is important for documents, most bigger files like videos suffer from poor performance.

This might be an upstream bug in the java fx ant task. (See javafx-maven-plugin/javafx-maven-plugin#74 or javafx-maven-plugin/javafx-maven-plugin#56).

Until this issue is resolved, beta versions should be published as MSI bundles.
Edit: MSI is affected too

There's 2 ways to address this issue:

1. notify user of the naming format.
2. make vault creation smarter and add it automatically.

Changing password doesn't work yet.

Since a loss of .masterkey.json means absolute irrecoverability of the unencrypted data, the file needs to stay intact at all costs. Synchronization services like btsync, which don't maintain a history, are vulnerable to file corruption.

Safeguards against this issue should not escalate, since the user can manually copy the .masterkey.json (even publically if he so chooses), and the underlying synchronization service should be trusted to some extent to keep the data safe.

A basic mechanism to provide some extra security would make a backup of the .masterkey.json file whenever decryption was successful.

Currently it is not visible to the user, that Cryptomator is checking for new releases. This may result in unexpected firewall warnings.

Since the quality of the chosen password for a folder is essential to its security, it should be possible to change the password for a folder after it has been created. A repeated encryption of the folder is not necessary. The kek can simply be recalculated, changing the encrypted keys while keeping the actual keys.

The following file attributes are not yet handled correctly:

• Win32CreationTime
• Win32LastAccessTime
• Win32LastModifiedTime

All times are set to the date, when files has been moved onto the drive.

Let the users decide, whether they will use it in normal mode or portable mode.

In portable mode:

• saves all data from Roaming folder (Windows) in execute folder (where the *.exe or *.jar is located)
• maybe the auto unlocking feature #40 should not be available here

One solution could be the Portable Apps Platform App Maker, but a real portable mode of the application is much better

java -jar /path/to/cryptomator isn't the easiest way to use cryptomator.
finding the path to cryptomator can also be non-trivial for more novice users.

The misbehaving setup, Kubuntu 15.04, Dolphin is the default file manager.

Usecase :
When the application tries to open the file manager using the command xdg-open "dav://localhost:54718/f16a6472-d454-43b1-be7b-378602d6449b/vault3"

Result :

1. The application prompts the following errors in debug :

kioclient(7931)/kio (KRun): #### NO SUPPORT FOR READING!

at org.cryptomator.ui.util.command.CommandResult.assertOk(CommandResult.java:88) ~[classes/:?]
at org.cryptomator.ui.util.command.CommandRunner.execute(CommandRunner.java:69) ~[classes/:?]
at org.cryptomator.ui.util.command.Script.execute(Script.java:38) ~[classes/:?]
at org.cryptomator.ui.util.mount.LinuxGvfsWebDavMounter.mount(LinuxGvfsWebDavMounter.java:54) ~[classes/:?]
at org.cryptomator.ui.model.Vault.mount(Vault.java:114) [classes/:?]
at org.cryptomator.ui.controllers.UnlockController.lambda$didClickUnlockButton$20(UnlockController.java:135) [classes/:?]
at org.cryptomator.ui.controllers.UnlockController$$Lambda$347/337042139.call(Unknown Source) [classes/:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_45]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_45]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_45]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_45]

The drive is then unmounted and the application prompts for vault password again. It does not prompt any visible errors.

Futhur Analysis :
However if I debug the application by making changes to LinuxGvfsWebDavMounter.java to use webdav schema-name, which results in the following command be executed

xdg-open "webdav://localhost:54718/f16a6472-d454-43b1-be7b-378602d6449b/vault3"

This results in the application executing as expected.

It would seem that file managers either accept "dav/davs" OR "webdav/webdavs" when opening handling webdav.

Create multiple servlets on one Jetty server instead of starting one Jetty per Vault.

CBC in general is not the best choice. As file names are relatively short, its not a big issue. But as long as we have the choice, we should do better ;)

Update CREATIONDATE and GETLASTMODIFIED, if information is supplied within request.

Just a feature suggestion to add a quick "About Cryptomator" panel/view listing the current version, maybe the project page, etc. into the menu as an option.

Reduces complexity, as custom authentication can be removed.

see also: http://www.reddit.com/r/crypto/comments/2qqrvn/check_out_cryptomator_an_open_source_personal/cn8pgoi

You can add the same folder multiple times to the list. Should be unique.

While keeping file size overheads small, adding a few random blocks to the end of a file will complicate identification of files by size.

In OS X 10.10, I can't use 'command + v' to paste password.

Hello,

it would be awesome if there could be a command line version!
I want to crypt files on my rpi without GUI.

Best regards

SeameX

Does this affect cryptomator?
https://pay.reddit.com/r/crypto/comments/2qoxvw/nsa_cryptanalytic_attacks_on_ssl_vpns_and/
https://pay.reddit.com/r/netsec/comments/2qnk64/ssh_and_tls_are_insecure_j_appelbaum_claims_31c3/

Like Dropbox / Google Drive etc., Cryptomator should also be a "Menu Bar"-only application.

Maybe this helps?
http://stackoverflow.com/questions/24312260/javafx-application-hide-osx-dock-icon

I added some files on the networkdisc. I pushed a *.rar File on the container. After the file is on the disc, i tried to move it on my desktop. And I cant move it. There is always an error:

Calculate MAC over the file content

If I create a Vault on a Mac within iCloud Drive it appears on the iCloud Drive on the iPhone but if I click add existing Vault it is not shown.

Likewise if I create a Vault on the iPhone it does not sync back to the Mac

If you run Cryptomater.jar, you add a new vault (the list of vaults is empty) you unlock it, then the virtual hard drive doesn't appear in windows explorer.

If you add a second vault and unlock it, the second appears in explorer.

Also if you restart the application and unlock both, both are shown up.

If you restart the application after you added the first vault, and then unlock it, the vault is shown up in explorer.

Running Windows 8.1 in Parallels on a Retina MBP. Windows reports desktop resolution at 3402 x 2118 which makes the initial Cryptomator screen very small and difficult to read in comparison to the rest of the document.

Attaching a full-res screen here so that you get the idea. Wish I could pre-label these for you folks; definitely an "enhancement" and not a bug.

Adding users doesn't work yet.

In 32 bit win xp and win7 can't run ’Cryptomator.exe' after correct installed.
May be it's a 64 bit application? where can I get the 32 bit version.

When I create a new vault by replacing an old one (by choosing the same name/path), nothing happens. Neither in my file system nor in Cryptomator (it doesn't get added to the list). Not sure if intentional.

The user should have the possibility to set a specific vault for auto unlock with application start.

Like it MS Bitlocker does, with crypted data partitions, if the system partition is crypted and the user selected a data partition for auto unlock at system start.

Each volume should get the name of the directory, its encrypted files are stored in.