Skip to content

The Cryptomator

For me, the Holy Grail of encryption software is a) a solution that performs in-memory encryption and decryption, and writes no unencrypted data to storage media, and b) a solution that can mount the same encrypted volume on both Windows and Linux operating systems. And I think I've found it. Cryptomator, which appears to work almost the same way as EncFS (even using the Dokan adapter), it seems), requires much less work to use on both platforms, is better maintained, and has some advantages over VeraCrypt.

Finding the right encryption software can be tricky, and options are actually quite limited when we actually go digging for them. They are even more limited if we need something that's multi-platform. The process of encrypting files individually using something like OpenPGP or 7Zip involves generating encrypted copies, and the obvious problem with this is that the original unencrypted files still exist on the storage medium - this data is more persistent than most people would imagine. Back in 2016 I did a little experiment that involved encrypting files using bcrypt and using BleachBit to erase the original on a USB drive. The unencrypted data was recoverable after running Autopsy, foremost and EnCase on the USB image. Attempting to protect protect sensitive data on a USB drive using this method is a bad idea.

We need something like an encrypted filesystem or container that can be mounted as an in-memory/virtual filesystem, so that the unencrypted data is never written to the storage medium. This is what Cryptomator and VeraCrypt do, in different ways.

I found the Cryptomator application dead easy to use, and it was just a matter of installing it, clicking the button to create a 'vault' at a specific location on my hard drive, and setting a decent password. It then set up an encrypted filesystem that obfuscates the filenames, directory structure and the file contents. Cryptomator is better than VeraCrypt if you want to sync encrypted data between local and remote directories, since each file is encrypted independently, and only individual file changes need to be synced. The vault, being hosted on by a cloud service, can be mounted on another machine with Cryptomator installed.

Posted: 19.12.2020