Cryptomator protects in the cloud
Simple but Safe
Make files fit for the cloud with Cryptomator by encrypting content and obscuring the name and size of each file.
Saving files in the cloud is convenient and cost efficient. However, many service providers do not place enough emphasis on data security, allowing content to fall into the hands of unauthorized third parties. Yet, with Linux and the program Cryptomator [1], you can slam the door on snooping.
How It Works
Most cryptographic programs require deep knowledge of encrypting methods and often a great deal of effort when integrating. Cryptomator, on the other hand, is aimed at users looking for a simple and practical approach. The software works transparently in the background, and the dialogs are simple.
The program encrypts data with a 256-bit AES key and a message authentication code (MAC) master key. Both keys are generated with scrypt, a key derivation method that combines a password with a random value to make dictionary and brute force attacks more difficult. The application comes with a graphical interface, from which you manage the encrypted data that you keep in vaults. From the outset, the software is reminiscent of the command-line program Tomb [2].
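The following added example (not Cryptomator's own code or vault format) shows the principle described above: scrypt stretches a password and a random value into a 256-bit encryption key and a 256-bit MAC key, and the MAC key lets the program reject a wrong password. The cost parameters, the header layout, and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this illustration (not read from a real vault).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
CHECK_LABEL = b"vault-check"  # hypothetical constant that the MAC tag is computed over


def derive_keys(password, salt):
    """Stretch password + salt into (256-bit encryption key, 256-bit MAC key)."""
    material = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,  # headroom for the ~16 MiB scrypt needs here
        dklen=64,
    )
    return material[:32], material[32:]


def create_vault_header(password):
    """Hypothetical vault record: a fresh random salt plus a tag for password checks."""
    salt = os.urandom(16)
    _enc_key, mac_key = derive_keys(password, salt)
    tag = hmac.new(mac_key, CHECK_LABEL + salt, hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def unlock(header, password):
    """Return (enc_key, mac_key) if the password matches the header, else None."""
    enc_key, mac_key = derive_keys(password, header["salt"])
    expected = hmac.new(mac_key, CHECK_LABEL + header["salt"], hashlib.sha256).digest()
    # Constant-time comparison, so the check does not leak how many bytes matched.
    if not hmac.compare_digest(expected, header["tag"]):
        return None
    return enc_key, mac_key


if __name__ == "__main__":
    header = create_vault_header("correct horse battery staple")  # constructed sample
    print("wrong password accepted:", unlock(header, "letmein") is not None)
    print("right password accepted:", unlock(header, "correct horse battery staple") is not None)
```

Because every vault gets its own random value, two vaults with the same password end up with different keys, so a guess has to be run through scrypt again for each vault.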
Technically speaking, the program functions as a server while encrypting and processing the available data locally on a virtual drive. The program only allows connections on the local system via the loop-back device, a file that provides a virtual block device that does not conform to any hardware on the system and allows you to combine files as a drive. The cryptographic processing of the individual files is not limited to the content but includes any meta-information and the file's name itself. Additionally, the software changes the size of the file, making it difficult to draw conclusions about the content.
Cryptomator then drops the processed files into the desired vault, which corresponds to the directory that synchronizes with the cloud service. The client for each respective service can then synchronize the encrypted data without any need to transfer keys to the server. To use multiple services simultaneously, you will need an independent vault for each cloud service, which you create in the respective sync directory.
If you want to share data with others, they must have access to the relevant vault and know the password, which you need to send to them securely, such as by encrypted email. On the other hand, it is not possible to share a single file from a vault with someone. Anyone who has access to the container can see everything. If you want to control access in great detail, the only method at your disposal is to create a separate vault for each participant and work with copies of the files.
Unlike container-based programs, Cryptomator only encrypts files that you have changed and currently have loaded. As a result, only the modified files need to be synchronized. The software works quite quickly, which can pay off in hard cash, particularly in cases of data transfer over mobile connections such as UMTS, HSPA, or LTE.
Installation
The Java-based software is available for different distributions on the project's website, where you can get an RPM package and 32- and 64-bit DEB packages. Despite being listed explicitly for Red Hat-based systems, in the test, the packages were also able to run on other distros that use the RPM package management.
Repositories also exist for Ubuntu, and packages for Arch Linux are in the Arch user repository (AUR), which has a collection of scripts that integrate additional software into an Arch installation. A portable version is available for all other systems. In all versions from 1.8 onward, Cryptomator is based on and requires a compatible version of the Java Runtime Environment.
During installation, the program ends up in the /opt/Cryptomator/app/ directory; in the Tools submenu, you will find a Cryptomator entry.
Clients exist not only for Linux, but for Mac OS X and iOS. An Android app is in the works according to the website, and the developers are planning a beta version for fall of this year. If you want to share your data outside the boundaries of the platform, you either need the right system or a measure of patience.
Getting Started
After the program first starts, a window opens; alongside a gear icon for adjusting the WebDAV, the only option it offers is a plus button for adding a new vault (Figure 1).
Clicking on the plus button and then Create new vault in the context menu that pops up opens a file manager, where you create the directory for the encrypted files in the system's cloud folder.
In the next dialog, you set a password for the vault and verify by entering it a second time. The program shows the security of the selected string with a dashed bar colored red or green, depending on the strength of the password (Figure 2). Now your vault is fully ready.
If you click the small triangle next to the Lock vault button at the bottom right of the program window and select the Reveal drive option, you can drag and drop the files you want to encrypt into the newly opened file manager window. After storing the files, a graph in the right pane of the program window shows the current throughput in megabytes per second during encryption (Figure 3).
The program stores the encrypted files in the destination folder, at which point the cloud service's original client software typically begins synchronization. Afterward, you can view the number of files saved and the disk space occupied in a conventional file manager like Dolphin (in the Properties dialog for the relevant folder), but not the individual files.
In the cloud service's web interface, you will recognize the individual files, but with obfuscated file names of no significance (Figure 4). You can then download the encrypted files individually from the web interface, although the system identifies them as binary files, which prevents conclusions from being drawn about file types, file names, or file size.
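A file copied straight into the synced folder instead of onto the virtual drive would be uploaded unencrypted. The following added example (not part of the original article or of Cryptomator) walks the synced vault folder and reports files that do not look like ciphertext. The entropy threshold, the signature list, and the `ignore` parameter for vault metadata files are assumptions.

```python
import math
import os
from collections import Counter

# Leading bytes of common plaintext formats (well-known file signatures).
MAGIC = {b"%PDF": "pdf", b"\x89PNG": "png", b"PK\x03\x04": "zip/office", b"\xff\xd8\xff": "jpeg"}
ENTROPY_FLOOR = 7.0   # bits per byte; assumed threshold, ciphertext sits close to 8
MIN_SAMPLE = 1024     # shorter samples are too small for a stable entropy estimate


def shannon_entropy(data):
    """Bits of entropy per byte in the sample."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify(data):
    """Return 'ok' for data that looks like ciphertext, otherwise the reason it does not."""
    for signature, kind in MAGIC.items():
        if data.startswith(signature):
            return "plaintext signature: " + kind
    if len(data) >= MIN_SAMPLE and shannon_entropy(data) < ENTROPY_FLOOR:
        return "low entropy"
    return "ok"


def scan_sync_dir(root, ignore=(), sample=65536):
    """Walk the synced vault folder and list files that do not look encrypted.

    ignore: names of vault metadata files that are plain text by design (caller-supplied).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in ignore:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                verdict = classify(fh.read(sample))
            if verdict != "ok":
                findings.append((os.path.relpath(path, root), verdict))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel_path, reason in scan_sync_dir(sys.argv[1]):
        print(f"{reason}: {rel_path}")
```

Compressed plaintext formats also have high entropy, which is why the signature check runs before the entropy check.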