Cryptomator protects in the cloud
Simple but Safe
Make files fit for the cloud with Cryptomator by encrypting content and obscuring the name and size of each file.
Saving files in the cloud is convenient and cost efficient. However, many service providers do not place enough emphasis on data security, allowing content to fall into the hands of unauthorized third parties. Yet, with Linux and the program Cryptomator [1], you can slam the door on snooping.
How It Works
Most cryptographic programs require deep knowledge of encryption methods and often a great deal of effort to integrate. Cryptomator, on the other hand, is aimed at users looking for a simple and practical approach. The software works transparently in the background, and the dialogs are simple.
The program encrypts data with a 256-bit AES key and a message authentication code (MAC) master key. These keys are generated with scrypt, a key derivation method that combines a password with a random value to make dictionary and brute-force attacks more difficult. The application comes with a graphical interface, from which you manage the encrypted data that you keep in vaults. From the outset, the software is reminiscent of the command-line program Tomb [2].
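The key derivation step described above, as an added example (not Cryptomator's code and not part of the original article): it uses Python's hashlib.scrypt and HMAC-SHA256 to show why the random value and the cost of scrypt matter. The cost parameters, the split of the output into two keys, and the sample data are assumptions for illustration, not Cryptomator's actual key layout.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters for this illustration (not Cryptomator's values).
N, R, P = 2**14, 8, 1


def derive_keys(password, salt):
    """Stretch a password plus random salt into a 256-bit encryption key
    and a 256-bit MAC key (64 bytes of scrypt output, split in half)."""
    material = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                              n=N, r=R, p=P, dklen=64)
    return material[:32], material[32:]


def mac_tag(mac_key, blob):
    """Authenticate a stored blob with HMAC-SHA256 under the MAC key."""
    return hmac.new(mac_key, blob, hashlib.sha256).digest()


def verify(mac_key, blob, tag):
    """Constant-time check: fails for a wrong password or a modified blob."""
    return hmac.compare_digest(mac_tag(mac_key, blob), tag)


def guess_cost_ratio(salt):
    """How many times slower one scrypt guess is than one plain SHA-256 guess."""
    t0 = time.perf_counter()
    hashlib.sha256(salt + b"guess").digest()
    t1 = time.perf_counter()
    derive_keys("guess", salt)
    t2 = time.perf_counter()
    return (t2 - t1) / max(t1 - t0, 1e-9)


if __name__ == "__main__":
    salt = os.urandom(16)                    # stored with the vault, not secret
    blob = b"constructed ciphertext bytes"   # constructed sample data
    enc_key, mac_key = derive_keys("correct horse battery", salt)
    tag = mac_tag(mac_key, blob)
    print("right password verifies:", verify(mac_key, blob, tag))
    _, wrong = derive_keys("correct horse batterz", salt)
    print("wrong password verifies:", verify(wrong, blob, tag))
    _, other = derive_keys("correct horse battery", os.urandom(16))
    print("same password, new salt, same key:", other == mac_key)
    print("scrypt vs SHA-256 cost per guess: %.0fx" % guess_cost_ratio(salt))
```

Because the salt changes every derived key, a precomputed dictionary for one vault is useless against another, and every password guess costs a full scrypt evaluation.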
Technically speaking, the program functions as a server while encrypting and processing the available data locally on a virtual drive. The program only allows connections on the local system via the loop-back device, a file that provides a virtual block device that does not correspond to any hardware on the system and allows you to combine files as a drive. The cryptographic processing of the individual files is not limited to the content but includes any meta-information and the file's name itself. Additionally, the software changes the size of the file, making it difficult to draw conclusions about the content.
Cryptomator then drops the processed files into the desired vault, which corresponds to the directory that synchronizes with the cloud service. The client for each respective service can then synchronize the encrypted data without any need to transfer keys to the server. To use multiple services simultaneously, you will need an independent vault for each cloud service, which you create in the respective sync directory.
If you want to share data with others, they must have access to the relevant vault and know the password, which you must be able to send to them securely, such as by encrypted email. On the other hand, it is not possible to share a single file from a vault with someone. Anyone who has access to the container can see everything. If you want to control access in great detail, the only method at your disposal is to create a separate vault for each participant and work with copies of the files.
Unlike container-based programs, Cryptomator only encrypts files that you have changed and currently have loaded. As a result, only modified files need to be synchronized. The software works quite quickly, which can pay off in hard cash, particularly in cases of data transfer over mobile devices by UMTS, HSPA, or LTE.
Installation
The Java-based software is available for different distributions on the project's website, where you can get an RPM package and 32- and 64-bit DEB packages. Despite being listed explicitly for Red Hat-based systems, in the test, the packages were also able to run on other distros that use the RPM package management.
Repositories also exist for Ubuntu, and packages for Arch Linux are in the Arch user repository (AUR), which has a collection of scripts that integrate additional software into an Arch installation. A portable version is available for all other systems. In all versions from 1.8 onward, Cryptomator is based on and requires a compatible version of the Java Runtime Environment.
During installation, the program ends up in the /opt/Cryptomator/app/ directory; in the Tools submenu, you will find a Cryptomator entry.
Clients exist not only for Linux, but for Mac OS X and iOS. An Android app is in the works according to the website, and the developers are planning a beta version for fall of this year. If you want to share your data outside the boundaries of the platform, you either need the right system or a measure of patience.
Getting Started
After the program first starts, a window opens; alongside a gear icon for adjusting the WebDAV settings, the only option it offers is a plus button for adding a new vault (Figure 1).
Clicking on the plus button and then Create new vault in the context menu that pops up opens a file manager, where you create the directory for the encrypted files in the system's cloud folder.
In the next dialog, you set a password for the vault and verify by entering it a second time. The program shows the security of the selected string with a dashed bar colored red or green, depending on the strength of the password (Figure 2). Now your vault is fully ready.
If you click the small triangle next to the Lock vault button at the bottom right of the program window and select the Reveal drive option, you can drag and drop the files you want to encrypt into the newly opened file manager window. After storing the files, a graph in the right pane of the program window shows the current throughput in megabytes per second during encryption (Figure 3).
The program stores the encrypted files in the destination folder, at which point the cloud service's original client software typically begins synchronization. Afterward, you can view the number of files saved and the disk space occupied in a conventional file manager like Dolphin (in the Properties dialog for the relevant folder), but not the individual files.
In the cloud service's web interface, you will recognize the individual files, but with obfuscated file names of no significance (Figure 4). You can then download the encrypted files individually from the web interface, although the system identifies them as binary files, which prevents conclusions from being drawn about file types, file names, or file size.