this post was submitted on 23 Feb 2025
13 points (100.0% liked)

Privacy

899 readers
161 users here now

Protect your privacy in the digital world

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

  1. Be nice, civil and no bigotry/prejudice.
  2. No tankies/alt-right fascists. The former can be tolerated but the latter are banned.
  3. Stay on topic.
  4. Don't promote proprietary software.
  5. No crypto, blockchain, etc.
  6. No Xitter links. (only allowed when can't fact check any other way, use xcancel)
  7. If in doubt, read rule 1

Related communities:

founded 3 months ago
MODERATORS
fxomt@lemmy.dbzer0.com
otter@lemmy.ca
shaytan@lemmy.dbzer0.com
fxomt@piefed.social
13
Help Me Understand The Cryptomater Process Please! (lemmy.dbzer0.com)
submitted 9 hours ago by constantreadarr@lemmy.dbzer0.com to c/privacy@lemmy.dbzer0.com
7 comments fedilink hide all child comments
 

So, I want to encrypt my files with Cryptomater before they go to my cloud based backup service. Lets say I use Dropbox.

So I know I create a Cryptomater vault and give the location as a folder in Dropbox.

I can't see that Vault until I open it in Cryptomater, right? This means I can't add anything to that Vault unless its open on my machine. As its open, I'm assuming that the data I'm adding is unencrypted until I close the Vault?

Lets say I add a plain text file to an open Vault.

So, at what point does Dropbox upload that file? Is it the minute its added to the Dropbox environment? Because that would mean its unencrypted.

Or is it not uploaded until the moment the Cryptomater vault is closed? Because that would mean I'd either have to leave the Vault open the entire time I was on my device and possibly have to do one (potentially) big upload at the end of the day maybe or keep opening and closing the Vault every time I wanted to work with the Vault (edit an existing document, add a new one, delete one etc).

Or have I misunderstood the process? I hope so because it either sounds not very secure or not very usable.

you are viewing a single comment's thread
view the rest of the comments
[–] heavydust@sh.itjust.works 4 points 8 hours ago* (last edited 8 hours ago) (3 children)

The files are encrypted in the RAM of the computer and stored immediately, you can see the changes in your Dropbox folder where they are stored (encrypted).

the upload only happens when the Vault is closed (I think?)

There is no vault with Cryptomator! Yeah, it's annoying and I understand your concerns now. They call it that but it's only a background service that encrypts files when you copy them in the virtual folder (of Cryptomator, not Dropbox). What they call the vault is that service, but the files are there and you can see it with their names scrambled in the real directory of Dropbox.

The upload happens when Dropbox sees a change in its own directory. For example, you copy "hentai.png" in Cryptomator, Cryptomator will encrypt and save it to the local Dropbox as "aiernstaernst.xyz" and then the Dropbox service will see that "aiernstaernst.xyz" has changed and will upload it immediatly (or maybe with a few seconds of differences but we can't know this).

On Windows you would have: F:\Vault\hentai.png linked to C:\User\Dropbox\aiernstaernst.xyz. Cryptomator shows you the fake F:\Vault drive when it's running (the so-called vault) while Dropbox only sees C:\User\Dropbox

I backup to an external drive using a bash script

As long as your bash script copies the files to the Cryptomator directory, they will be encrypted before being stored as this service acts as a fake driver pointing to your Dropbox directory. But I agree that the term "vault" is really confusing. It's only a fake hard drive that detects copies and modifications, and encrypts and decrypts files in that fake drive, which is linked to the real Dropbox drive that only sees scrambled content.

It's a neutral process that only stores files wherever you want, it's independent on any cloud or solution. You can even use it with a USB key without any cloud at all. I happen to use Veracrypt for my weekly backups (emails, some texts) but I could replace all that with Cryptomator and I'm sure it would be easier since I wouldn't have to change one big 2GB file every time.

[–] constantreadarr@lemmy.dbzer0.com 1 points 8 hours ago (2 children)

Thanks very much for the time you've taken to explain this to me, I really appreciate it :)

So, just to recap so I'm sure I've understood....

  1. I drop a file into an open Vault (which is really a service which runs in an allocated part of RAM) and it gets encrypted immediately
  2. That encrypted file is then placed into Dropbox immediately?Or is the file placed there when the 'Vault' is saved/closed?
[–] heavydust@sh.itjust.works 2 points 7 hours ago* (last edited 6 hours ago) (1 children)

Yes, the encrypted file is then placed immediately into the local Dropbox folder. Once again it's all very confusing but if I can sum that up, Cryptomator is not there to sync things, it's only there to show you a virtual hard drive.

[–] constantreadarr@lemmy.dbzer0.com 1 points 6 hours ago

Sure, I get that :) I'm not thinking that Cryptomater should be responsible for the syncing of anything but I was unclear that at what point in the process the encrypted file would be uploaded. Now obviously that will vary depending on the sync service you use but the important point (for me) was when the file was encrypted and moved i.e. immediately or when the Vault was saved/closed.

Thanks again to you for the explanation, I feel I understand the process much better now :)