We’re happy to announce the release of Cryptomator 1.10.0. 🎉 Let’s dive into what this new release has to offer!
Expert Settings During Vault Creation
We understand that expert users desire more control and would like to override some default values in the vault configuration file. That’s why the new version brings the addition of expert settings during vault creation. For now, you can set the maximum length of encrypted file names. This feature ensures that Cryptomator adapts to the peculiarities of various cloud storage systems. 🛠️
Proper Tray Menu Support on Linux
A huge shoutout to Ralph (purejava on GitHub) for his open-source contribution once again! 🙌 Thanks to his efforts, we now have proper tray menu support with AppIndicator integration. It’s yet another step towards making Cryptomator feel native and fluid for Linux users.
AArch64 Build for AppImage
Good news for Linux users on AArch64 architectures! 🎉 Cryptomator 1.10.0 includes an AArch64 build for AppImage. With this addition, we’re expanding our reach and welcome more Linux users.
Improved Error Dialog
Encountering an error can be frustrating 😓, especially when you’re not sure what to do next. We’ve redesigned our error dialog to focus on solutions. Now, when you run into an error, the dialog will guide you to a potential solution if it exists in our error database. This enhancement aims to make troubleshooting more user-friendly and efficient. ✅
Refreshed macOS App Icon
Mac users, we haven’t forgotten about you! 🍏 Aesthetics matter, and with this update, Cryptomator boasts a brand-new app icon for macOS. How do you like Cryptobot in a squircle?
Conclusion
Cryptomator 1.10.0 brings a mix of enhancements and several bug fixes to ensure a smoother user experience. As always, your feedback is welcome. For a detailed list of all changes, please check out the release notes.
Thank you for your continued support and trust in Cryptomator. ❤️ Update to 1.10.0 now and let us know what you think!
Happy crypting! 🔒
Cryptomator 1.7.0: What You Need to Know
If you’re subscribed to our releases on GitHub, this is already old news for you: We have released the first beta of the upcoming Cryptomator 1.7.0! It contains a lot of internal changes and a bunch of new features, some of which are almost as old as Cryptomator itself.
We are very proud of this release, as it eliminates technical debt, delivers long-awaited features, and prepares Cryptomator Desktop for the future. But putting aside about 3,000 lines of code changes and a 4-month development iteration (not counting work in our libraries), let’s dive into this release to see what you, the user, will get out of it.
Locate Encrypted File
As already mentioned, Cryptomator 1.7.0 includes a feature that has been requested for a very long time: Locating the encrypted counterpart of a file. Sounds complex, but once you remember that Cryptomator encrypts filenames and obfuscates the directory structure (see our docs), it is easy to understand.
Prior to 1.7.0, you had to guess which encrypted file corresponds to which cleartext file based on the exact timestamps. Now, once the vault is unlocked, the encrypted counterpart of any file in the vault can be revealed by clicking on the “Locate Encrypted File” button and selecting a file in the vault. Or you can simply drag and drop the files from your vault onto this button. See for yourself in this short video:
Experimental Support for FUSE-T
On macOS, Cryptomator can use two different technologies to integrate your vault into the system: macFUSE and WebDAV. Unfortunately, the WebDAV implementation on macOS is not the most reliable one. Starting with Apple Silicon Macs, it became unusable for some users who reported system freezes. To make matters worse, macFUSE, which has been the preferred option for at least 3 years, is also on its last legs. Apple has deprecated the OS APIs used by macFUSE since macOS 12.3.
For the past year, we have been desperately searching for an alternative. Our proof of concept using Apple’s File Provider framework was not very convincing and would basically require a whole new architecture. Fortunately, you, our community, informed us about an alternative: FUSE-T.
FUSE-T is a young project that does not rely on deprecated macOS APIs and can be used as a drop-in-replacement for macFUSE. It requires a much less deep system integration than macFUSE while offering a similar performance. This makes Cryptomator ready for the medium-term future on macOS. But since FUSE-T is quite young, support for it is experimental for now. We encourage you to try it though!
So, while the File Provider extension is not out of our sight, we are relieved to be able to offer you a stable system integration of your Cryptomator vaults.
Volume Types Overhaul
Looking at the screenshot above, you might have noticed: The volume types have changed, too. That’s right, and that’s because we rewrote the entire volume type selection and internal wiring logic. It was a huge development effort, but it resulted in a less complex and easier to maintain architecture under the hood. It also resulted in more options for you.
More Options
The old implementation basically offered 3 (or 2) options: WebDAV, Dokany, and FUSE. Now, specialized implementations are offered for each OS. For example, on Windows you can select between WinFsp, WinFsp (Local Drive), Dokany, WebDAV (Windows Explorer) and WebDAV (Fallback).
But don’t worry, this selection is only important if you have special requirements for the virtual drive. Otherwise, Cryptomator has a new “Automatic” option and is set up to choose the best suited option for you, and you don’t need to worry about it.
We have even added an emergency option: The aforementioned “WebDAV (Fallback)”. If you can’t mount your vault at all, it makes your vault accessible via a local-only server using the web standard WebDAV. We’ll have a guide describing this in more detail soon.
WinFsp Change: Local vs. Network Drive
Windows users may notice that their vault is now mounted as a network drive by default. This has the advantage of better performance when listing large directories. The disadvantage is that it cannot be mounted into a directory. Accessing the vault as a privileged user is still possible by using the UNC path.
If you really need a local drive, you can always change the volume type in the preferences.
Dokany Deprecation
With the release of Cryptomator 1.7.0, we will officially deprecate Dokany support.
Dokany, like FUSE, provides a file system interface to mount virtual drives without requiring elevated privileges. We started supporting Dokany 3 years ago with version 1.4.0. But things didn’t go as smoothly with the Dokany volume as we had hoped, so we decided to focus our development efforts on a single file system interface. All Dokany-related issues on GitHub will be closed, and our general recommendation is to use WinFSP which comes with the EXE installer of Cryptomator. You will still be able to use Dokany, but it won’t get any updates and support will eventually be removed.
It was a great time, and we wish the Dokany project all the best!
Linux AArch64 Builds
With Cryptomator 1.7.0, we’ll finally ship AArch64 builds of Cryptomator via Flatpak and PPA.
One big obstacle was the aforementioned FUSE file system API on Linux. We were using a rather old project to build the bridge between Cryptomator and FUSE. Thanks to a fantastic development effort started by our lead architect, we now use state-of-the-art technology to implement this bridge. The result is bundled in the library called jFUSE. Not only were we able to change the bridge, we were also able to update to a new major version of FUSE and pave the way to support features like extended attributes.
The AppImage is still x86_x64 only, but we plan to deliver it also in AArch64 architecture eventually.
AES-GCM: New Default for Content Encryption
Starting with Cryptomator 1.7.0, newly created vaults will use AES-GCM instead of AES-CTR+HMAC for file content encryption.
Nowadays, almost all non-embedded devices offer hardware acceleration of the Galois/Counter Mode of operation, so encryption and decryption should be significantly faster than in the old mode of operation. The support in our underlying cryptographic library cryptolib was already added in June 2021 with version 2.0.0. But instead of jumping the gun, we gave it a proper testing period and are now confident to ship this improvement to you.
Of course, our mobile apps also support AES-GCM, although vaults created in iOS or Android will continue to use AES-CTR+HMAC for the time being. The mobile apps are scheduled to switch in their next minor release.
You can continue to use your existing vaults as before. There are no vault upgrades and there is no action required on your part. Cryptomator will support both modes of operation.
Cryptomator Roadmap Early 2022
There have been a lot of changes in the past year. With this roadmap, we want to give you an overview of what has changed in Cryptomator and what you can look forward to in the coming months.
iOS Version
At the end of last year, we were finally able to introduce our new iOS app. One of the main features is the full integration with Apple’s own Files app. We also made it possible to offer you a “freemium” version of the app. If you want to know even more about the new features, check out this blog post. Since then, we’ve been working on bringing you more features through several updates, such as the auto-lock feature that came with version 2.1.0. With the just released version 2.2.0, we integrated pCloud and added support for shortcuts in Google Drive.
We have a lot more planned for the app in the coming months. We will integrate Cryptomator into Shortcuts so that automation processes such as “auto photo upload” are possible. We also plan to integrate S3, as we did with our Android app.
Android Version
Over the past few months, we have been working on increasing the compatibility of Cryptomator. This includes the fact that we now support pCloud, S3, and Vault Format 8. Thanks again Manuel (mjenny on GitHub) for contributing support for pCloud and S3. Also, Cryptomator can now be installed and updated via F-Droid. Vaults in Google Drive can now be used via shortcuts in locations outside of “My Drive”. This works in “Shared with Me”, “My Computer”, and “My Drive” for example. With OneDrive, it is possible to use multiple accounts at the same time. We will make this feature available for Dropbox and Google Drive in the future. In addition, a “real” auto photo upload is available in the Android version, meaning new pictures and videos are now uploaded not only after unlocking the vault, but directly when it is unlocked.
In the coming months, we will switch the Android app to a freemium model, as we did with iOS, and continue to work on the long-awaited document provider.
Desktop Version
With version 1.6.0 announced in the last roadmap, we introduced Vault Format 8 for our Desktop version. You can read more about it here. For better usability, we have introduced error codes and a knowledge base of those, where you can look up solutions for the issue you’ve encountered. We also introduced an auto-lock feature that automatically locks the vaults after a self-defined inactivity time as well as a plugin API. The first plugin for Cryptomator is the KeePassXC plugin via an open-source contribution by Ralph (purejava on GitHub). Furthermore, we improved our build systems so that applications/installers for all operating systems are automatically built and signed (instead of manually).
Two years ago, one might remember that we announced to focus our efforts on Flatpak distribution. However, that didn’t go as planned and progress on it came to a halt… until recently. Our regular open-source contributor Ralph (purejava on GitHub) once again came to our rescue. And we actually did it! Cryptomator is now available on Flathub as a Flatpak app. Again, huge thanks to Ralph for his amazing contribution!
For the Desktop version of Cryptomator, we have some major topics coming up in the near future. On the one hand, we are working on a major FUSE refactoring. Among other things, this is necessary to be able to offer ARM64 support on Windows and Linux as well. On Apple Silicon Macs, we have already supported this for a few releases. On the other hand, we want to address the open issues related to extended attributes. More precisely, we are talking about additional file attributes that enable tagging and fix compatibility issues. Of course, these attributes will be encrypted just like the filename.
If you read this far, we’d like to share a secret with you. We are currently working on Cryptomator Hub. That’s it for now but you’ll definitely hear more about it this year.
Cryptomator 1.6.7 Release: Major Changes on Windows
Hello Community!
The last blog post is already a while ago. We hope you’re all doing fine. Cryptomator 1.6.7 for Desktop is out now and let’s explore the changes together since it’s more than just a “patch”! The update contains some noteworthy changes, especially for Windows users.
New Installer
With Cryptomator 1.6.0, instead of delivering a “regular” executable for installation, we provided a Windows Installer package to allow easier scripted deployment of Cryptomator. But this approach also had drawbacks: We couldn’t bundle third-party drivers (i.e., Dokany) leading to inferior user experience.
These dire times are over! When you head over to downloads and select Windows, you’re getting an executable again that bundles the MSI installer as well as additional dependencies. Furthermore, it supports command-line parameters (e.g., /quiet). For a complete list, run the installer with the /? parameter.
If you want to download the “pure” MSI installer without dependencies, it’s also available on the downloads site or head over to the release on GitHub.
New Default VFS Driver (Virtual Volume)
As already mentioned, the new EXE installer can include dependencies again, so we added one right from the start: WinFsp.
This decision is mainly based on the long-term maintenance effort. The integration of a vault into the OS currently supports WebDAV (legacy), Dokany (Windows), and FUSE (all systems). FUSE support (provided by WinFSP) on Windows is now available for quite a while and feedback was very promising. The time has come to make this the default choice so we can focus on a common code base.
WebDAV and Dokany will remain part of Cryptomator, should you prefer it in your individual setup. Please note that Dokany 2.x is not yet supported and our existing Dokany 1.x glue code requires a migration.
There are some known issues with WinFsp though:
If you are logged in to Windows via an AzureAD account, vaults can only be accessed read-only.
Access with the admin rights is only possible when the vault is mounted into a directory (as opposed to a drive letter).
If you aren’t affected by any of these issues, we encourage you to use WinFsp/FUSE.
Those were the two major changes you should know about. For all changes, have a look at the changelog.
We hope you are enjoying this Cryptomator update.
Cryptomator Roadmap Early 2021
Development on Cryptomator 1.5.x is coming to an end and we are now working on the next major version 1.6.x. Read more about it in this roadmap!
State of the Desktop App
The update to version 1.6.0 is just around the corner! The release will mainly contain some invisible changes that will allow us to add new features in a timely manner. One of the main points here is to implement a new vault format (Vault Format 8). It makes the integration of other authentication methods in the future possible, for example to enable 2FA.
Another feature is the integration of a sanitizer. Until now, a separate program was needed to check the state of your vault and to execute cleanup and restore commands. In the future, this will be possible directly in the Cryptomator user interface.
In addition, there is now a prototype for the distribution of Cryptomator as a Microsoft Software Installation (.msi), but the implementation still has alpha character. Furthermore, we have updated Cryptomator to JDK 16 with the latest version 1.5.14, which brings some upstream fixes. Unfortunately, we could not make any progress with regard to Flatpak.
State of the Android App
As you might have noticed in our blog, we finally published the source code of the app! Apart from that, vault format 8 is also a big topic in our development here.
Since the update to version 1.5.14 (currently still in a beta version), pCloud is natively supported by Cryptomator. Many thanks to Manu for his open source contribution! Another small change is that since the update 1.5.13, it is possible to sort the vault list and thus get a better overview of the vaults.
But that’s not all we have planned for the Android app! We are happy to release Cryptomator on F-Droid soon. Also, we hope to be able to include more clouds soon and enable access to content of the vault via third-party apps with a “document provider”.
State of the iOS App
With the introduction of vault format 8, the “old” iOS app will probably get its last major update to version 1.6.0.
Meanwhile, work on the “new” iOS app continues. As announced in the last roadmap, the iOS app will be fully integrated into the Files app. We are already very far along. Nevertheless, we still have some work to do, as we want to offer some features like dark mode or support for multiple accounts from the same cloud provider right from the start.
We can’t promise you an exact release date yet, but we hope we will release a first beta version via TestFlight in the summer.
Cryptomator Roadmap Late 2020
We recently released Cryptomator 1.5.10 for Windows, macOS, and Linux with many new features and bugfixes. Well, actually the changes were in 1.5.9 but we followed it up with a hotfix release. 😁 With the (crazy) year nearing its end, we’d like to give you some insight to our roadmap across all platforms for the upcoming months!
State of the Desktop App
With the redesign and full rewrite of the UI in 1.5.0, we established a good foundation for adding further features. There was one former feature that didn’t make the cut though, which is now back with the latest version: Vault Statistics. 🎉
We didn’t stop there! Vault passwords can now also be stored in KWallet on Linux. Huge thanks to Ralph Plawetzki (purejava on GitHub) for his contribution! And last but not least, it is now possible to mount the vault via FUSE on Windows. This is still a beta feature! In order to try it, WinFSP needs to be installed. We’d love to hear your feedback on this!
On the distribution front, we didn’t quite meet our expectations. So far, we’ve been struggling with Flatpak as we just can’t convince its sandbox to properly support FUSE drives. But we’re not giving up on this!
Behind the UI, we introduced the integrations-api alongside implementations for each OS. It’s a new way for Cryptomator to include native (also OS-specific) functionalities. Now easier than ever, you can implement native functions. So grab your keyboard and start hacking! 😁 With this change, we archived the old native-functions repository. 👋
What’s next? Our plan is to move on to 1.6.x. First of all, we want to integrate Sanitizer, so you can check your vault health and run cleanup and recovery tasks right within the Cryptomator UI. Furthermore, by decoupling the key derivation from the vault encryption, we plan to give you more options for authentication, including third-party password storage, 2FA, and multi-user access using individual passwords.
Looking forward, we have some exciting news about our Android app! The project is in the perfect situation to fulfill the two biggest wishes of the community:
Open Source: Publishing the source code of the app.
Document Provider: Accessing the content of the vault using third-party apps.
You heard that right, we are going to open-source Cryptomator for Android! The fact that the app is open-core had its legitimate reasons but we are now fully confident that we can open-source the app without compromises. We are working hard to publish the complete source code within a few weeks.
After that, the highly anticipated Document Provider feature will be on our roadmap.
State of the iOS App
What’s up with Cryptomator for iOS? For the last 6-7 months, we have been hard at work on a completely new app written in Swift. Our first efforts can already be seen in our new open-source libraries for Swift: cryptolib-swift and cloud-access-swift.
What will be so special about the rewrite? Cryptomator will be fully integrated into the Files app. This comes with many benefits like thumbnails, support for third-party apps that can edit files directly inside the vault, and many more! But that also means, there won’t be a “custom” file browser inside the app anymore. Integration into the Files app is one of the most requested features of the community.
What about open source? We won’t open-source the current app anymore because we’d like to look forward. The new app is written with open-sourcing it in mind but it will still take some time until we can release anything.
We’ll definitely do extensive testing via TestFlight in the next year. Stay tuned for that!
Cryptomator 1.5.0 Release
Cryptomator has been redesigned and comes with a new dark mode. It is not simply a redesign, it was a full rewrite of the UI. During the rewrite, a whole new code structure was planned which makes it easier to extend the application in the future. One goal of the redesign was to make the onboarding process easier for users who don’t feel too comfortable with encryption software. Usability tests helped designing the workflows and understanding common misconceptions. Besides the redesign, the new vault format 7 increases compatibility with some cloud services and at the same time reduces the complexity for certain I/O operations.
To support the ongoing open-source development of Cryptomator, consider buying a donation key, which unlocks the new dark mode. ❤️ Detailed release notes for the desktop app are available on GitHub.
As you might have noticed, this website is also shining in a completely new design. ✨
Cryptomator for iOS & Android
New updates for iOS and Android have been released as well. To celebrate the release, our mobile apps are 40% off until April 23! 🤖
Between all the work on Cryptomator, we need to remind ourselves to not forget about our regular updates post. While most of you have already noticed that we’re approaching a new major release of Cryptomator, I think it is time to inform you where we’re currently standing and what our roadmap looks like.
State of our Desktop Application
We plan to release 1.5.0 within Q1 2020. In our currently running beta (huge shout-outs to all the helpful test feedback), we have already sorted out several problems and feel confident to deliver outstanding quality.
While we have already discussed upcoming changes to what we call the vault format (i.e. the layout of the encrypted files and directory) to increase compatibility with some cloud services and at the same time reduce the complexity for certain I/O operations, the far more obvious change affects the GUI:
We did not simply redesign our UI, we did a full rewrite of it. Nearly every single line of code that was involved in Cryptomator 1.4.x has been deleted. Why would you do something like this? Well, the application grew over time. Cryptomator has been started more than six years ago and some concepts weren’t established back then that make development easier today. During the rewrite, we planned a whole new code structure which makes it easier to extend the application in the future and at the same time have new developers understand what parts of the code is responsible for what dialog in the software.
One goal of the redesign was to make the onboarding process easier for users who don’t feel too comfortable with encryption software. We attended (and organized) some usability tests in our vicinity and saw how first-time users reacted to the vault creation process. This helped us to design the workflows and understand common misconceptions.
State of the Android App
Not worth mentioning is that the Android app in 1.5.0 will support vault format 7. In the Android app, we focused on implementing new features and improving stability:
Already opened files are cached on the smartphone. When reopened and if the file has not changed in the cloud, the file is loaded from the local file system, which leads to a huge performance improvement.
Fixed and improved auto photo upload e.g., after device reboot or on Android 10 under certain conditions the upload didn’t work
We added an option to lock a vault immediately when Cryptomator is closed or in background
Last but not least, we’ve put a lot of work into a new license store that will enable us to provide an alternative way of distributing our Android app, as we have a lot of requests from users who prefer not to use Google services such as the Play Store
State of the iOS App
The iOS app will also support vault format 7, obviously. There are some further fixes and improvements under the hood, but no new features. It already supports caching and it you can even buy it without using the Google Play Store. 😉
What is missing for the final release of 1.5.0?
While at the time of writing this, there are only few missing features planned for 1.5.0 (such as vault recovery) and only some final polishing is required from our side, we want to make sure our mobile apps and also third party apps such as Cyberduck are ready to deal with the new vault format, too. For some bugs scheduled for 1.5.0 (such as this one), we’re currently waiting for an upstream fix.
Simultaneously, we’re preparing new documentation pages for 1.5.0 as well as a new website with a new FAQ section and we integrate new translations added by our great community on a regular basis.
What’s up next?
Our first priority right after 1.5.0 is to migrate from Java 11 to Java 14. Java 14 includes a long-awaited new tool that is required for our packaging. We’re currently using a workaround that prevents us from upgrading to the latest bundled JRE. This is a small change that will probably be shipped right with 1.5.1. However, we didn’t want to dig up new holes right before 1.5.0 and decided to postpone this to 1.5.1.
Next, we want to focus on Flatpak. We ditched .deb and .rpm files some time ago and replaced them with AppImages. We also really like how the Flatpak ecosystem is gaining traction and is supported natively by a steadily increasing number of distributions. So far, we didn’t get Cryptomator working due to the complexity behind the file system mounts. But after we’ve finished 1.5.0, we hope to be able to put some more attention to this and solve this to ship Cryptomator as a Flatpak soon.
In the Android app, the next big feature will be accessing files of a Cryptomator vault inside other apps using a DocumentProvider. For example, a file explorer will be able to access the content of the vault in this way. As well as smaller features like recursive upload of folders to the vault are planned.
Cryptomator Roadmap Mid 2019
We would like to take a more regular look at our roadmap to publicly document the past, present, and future developments of Cryptomator. Unlike before, we’re also going to have a look at the roadmaps of our mobile apps.
Desktop
In the desktop area, we are currently pursuing two different branches: On the one hand we are striving for feature completion of 1.4.x, with 1.4.12 already available as a release candidate. It will finally allow Linux users to store their password in the system and include the much desired “Custom Mount Flags” feature.
Save password in system (Linux): For a long time, you could only store your vault’s password in the system under macOS and Windows. Through a community contribution, this is now finally also possible under (some) Linux systems. 😄 The existence of GNOME Keyring or another keychain via Secret Service API is required. Many thanks to Ralph Plawetzki (purejava on GitHub) and Sebastian Wiesendahl (swiesend on GitHub) for the implementation!
Custom Mount Flags: Cryptomator uses default options to mount a drive (both for Dokany and FUSE) that we chose for security or performance reasons. However, this leads to limited functionality in some cases and users who want to set their own options can now change them. Be aware: Use at your own risk!
On the other hand the implementation of 1.5.0 has already started. For 1.5.0, as announced, we want to fully concentrate on the redesign of the user interface and improve the internal processing of Cryptomator, because like many open-source projects it has grown organically over time and therefore needs a good refactoring. 😉
iOS
After the release of Cryptomator 1.4.0 for iOS with built-in cache functionality, which on the one hand avoids repeated downloading of files and on the other hand allows (limited) offline access, the work on Cryptomator 1.5.0 for iOS has started.
The main focus will be the integration into the Files app of iOS. The first step will be the expansion of our Document Provider which is going to be extended by the methods “Open” and “Move”. This will make a direct access to files within a Cryptomator vault from other apps possible without having to copy them back and forth.
Android
Cryptomator 1.4.0 for Android is currently being finalized with the following features, which can already be tested in a beta version:
Automatic photo upload: After activation, all images created on the smartphone will be uploaded the next time the selected vault is unlocked.
Make files writable by third-party apps: Files that are opened can be edited in third-party apps. When you finish the editing process by saving and returning to the Cryptomator app, the changes are transferred to the cloud.
We are considering these features for future versions:
LRU Cache: To save network traffic, certain server responses are cached to avoid repeated downloading, for example of unmodified images from the cloud.
Support for Google Team Drives: Access to vaults located in Google Team Drive should be made possible.
Distribution of the app outside of Google Play: Cryptomator for Android should also be available from alternative sources. We are thinking about setting up a licensing system, through which a license could be purchased directly.
Unlocking with system password: You should be able to use the system password of the smartphone to open vaults. (Similar to unlocking with a fingerprint.)
Access to files via DocumentProvider: Access to a Cryptomator vault inside other apps should be made possible via a DocumentProvider. For example, a file explorer would then be able to access the vault in this way.
Upload of directories (recursive): The download of whole folders already works, the upload including all subfolders is not possible yet.
Cryptomator Roadmap Early 2019
Hey it’s a new year, so here comes our quarterly annual 🙈 roadmap preview.
OpenJDK and OpenJFX
Until now we’ve been using Oracle JDK, since this included the GUI library we used for Cryptomator: JavaFX. Beginning with JDK 11, we plan to switch to OpenJDK and OpenJFX. JavaFX will no longer be included in the Oracle JDK anyway and OpenJFX promises shorter release cycles and - as the name suggests - is developed in an open process.
Since we no longer depend on non-free software, Cryptomator could theoretically move from “contrib” to “main” in Debian repos.
We also hope that building Cryptomator becomes easier, since OpenJFX is a normal dependency and you no longer need to install the Oracle JDK.
Symlinks
We have successfully moved to FUSE (Linux and macOS) and Dokany (Windows). Now it is time to improve the file systems. One of the most asked features is support for symbolic links. If you don’t know what this is, don’t worry. For everyone else: Stay tuned for a 1.4.x update introducing symlinks.
UI Redesign
We plan to redesign the whole user interface from scratch with Cryptomator 1.5.0. In order to do this, we are happy to get your input. If you have any ideas on how Cryptomator should look, feel free to join the discussion in our redesign thread.
Cryptomator 1.4.0 Release
What’s New
Introducing Dokany (Windows) and FUSE (macOS, Linux) support. Vaults can now be mounted via Dokany and FUSE which is now the preferred way over WebDAV. Expect vastly improved integration into the system. A complete list of closed issues is available here.
Dokany / FUSE
Provide virtual drive using Dokany on Windows (#207)
Provide virtual drive using FUSE on macOS and Linux (#252)
Solves upstream bug with keeping modification date and other dates of original file (#220)
Solves upstream bug on Windows with files >4 GB (#82)
Solves upstream bug on Windows with Windows Explorer showing C: drive capacity for any vault (#80)
Solves upstream bug on macOS High Sierra with disappearing drives (#579)
Solves upstream bug on macOS Sierra with duplicate folders in /Volumes (#464)
Decreased file size of application and installer packages significantly
Dropped official Windows and Linux 32 bit support
Cryptomator Roadmap Early 2018
Since it is understandable that not all of our users can track all development activities on GitHub, I would like to write a few paragraphs here about the technical updates that are planned for Cryptomator in 2018 and their impact on usage.
FUSE
The biggest upcoming change is the implementation of FUSE-based drives. This will be additional to WebDAV and will become the new default setting. We are currently developing the necessary library. It is based on jnr-fuse, which means you need FUSE for macOS or WinFsp in case of Windows. The Linux kernel supports FUSE out of the box.
A big challenge at the moment is how to include WinFsp or FUSE for macOS in the installer. First test versions will therefore require manual installation of named libraries.
The benefit of using FUSE lies not only in performance enhancements (which are already clearly measurable in the current state of development for some file/directory operations) but also in the expected increase in compatibility with third-party software. There are several problems related to the WebDAV drive, as can be seen in our issues list.
Java 9
During the Christmas holidays, I made all libraries and the desktop application compatible with Java 9. Our CI builds now run uniformly with JDK 9 in containers. However, the code is still compiled for older Java versions, not just because our Android app depends on it.
What’s the point? Java 9 is a huge step in the development of the Java platform. In addition to various bug fixes that directly benefit Cryptomator users, e.g. better support for HiDPI displays under Windows and Linux, there were massive refactorings which form the basis for a new release model of the Java platform with new feature releases in six-month cycles. This means that we will be able to benefit from new features in the future more rapidly without having to rely on unstable test versions.
However, the conversion to Java 9 with Cryptomator 1.4.0 is also the basis for the use of the Java Platform Module System from Cryptomator 1.5.0 onwards, whereby much smaller applications can be built. In a first test, the size of the Cryptomator application for macOS was reduced from over 200 MiB (in the installed state) to about 70 MiB.
IntelliJ
We switched our build platform from Eclipse to IntelliJ because the JDK 9 compatible versions of Eclipse contain changes to the compiler that didn’t get along with code generated by Dagger.
Furthermore, our Android developers are already used to IntelliJ so that we can harmonize our tools a little bit here.
64 Bit
Since both WinFsp and JDK 9 require 64 bit, Cryptomator will no longer support 32 bit systems as of version 1.4.0. Although this is a pity, it also speeds up the development process because fewer systems have to be tested.
Cryptomator 1.3.x will be 100% compatible with 1.4.0. This means that users who depend on 32-bit software can continue to use Cryptomator vaults.
Did you find this insight interesting? Should we give an outlook for every major milestone in the future? We would like to hear your opinion in the comments!
Cryptomator 1.3.0 Release
We’ve completely rewritten Cryptomator. Its core components are now modularized to CryptoLib, CryptoFS, and WebDAV-NIO-Adapter. A complete list of closed issues is available here.
Improvements
Auto-Unlock!!! 🎉 (#40) We finally implemented the most-wished feature. Still experimental and will be completed by autostart (optionally hidden) in future versions
Dropped SHA-1 signatures in Windows Authenticode code signing
Dropped official Windows Vista support
Dropped official Ubuntu Vivid and Wily support
Technical Details on Windows Mounting
After we have fixed #431, we noticed various issues on Windows. We tried hosting the virtual drive via localhost, 127.0.0.1, and ::1 but every host has its own issue: Sometimes access to the virtual drive was extremely slow, sometimes Windows showed unnecessary security warnings (#529), and sometimes Office didn’t properly work (#512). That’s why the Windows installer for Cryptomator now writes the new host cryptomator-vault (which is mapped to 127.0.0.1) into the hosts file. Weirdly enough, with that new host, all problems seem to be gone. Even though we don’t quite understand why binding an IP has such a big impact, we just hope that we finally found a good solution!
Under-The-Hood Improvements
We’d like to highlight some improvements that we were able to make under-the-hood: Faster build times, high test coverage for our crypto libraries, and more!
This version will be released shortly and might be the last major beta version. We are now in preparations for releasing Cryptomator 1.0.0 for Android. Looking forward to a great first final release!
Mysterious Windows Bug Fix with 1.2.3 Update
Cryptomator 1.2.3 for Windows fixes a mysterious bug, commonly known as system error 53 or 67. Well, it’s not that mysterious anymore, but this particular error had been haunting us from the beginning! Cycor on GitHub (almost casually) pointed out in GitHub Issue 210 that he found the cause of system error 53/67 after a few months of experiencing the issue himself.
Apparently, there is a Windows Registry entry responsible for listing available network providers called ProviderOrder. Cryptomator’s virtual drive is based on WebDAV. Therefore, a missing webclient value in the ProviderOrder registry key would lead to such error. We were stunned, desperate, and hopeless for many months, because we were never able to reproduce the issue. We added things like the IPv6 literal option (which is probably going to be removed in a future version) or thought that some firewall was responsible for the error. But nope! Clearly some applications modify this registry entry, because a clean Windows installation doesn’t have the webclient value missing. Shame on them! 🔔
We fixed this issue by patching the Cryptomator for Windows installer and added some code that adds the webclient value back to the ProviderOrder key, if it is missing. The registry key can be found at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order. If you’re a fellow developer and stumbled on this blog post while having the same issue and even using Inno Setup yourself, you can find the code on GitHub.
Big thanks to Cycor for finding the solution to this weird bug! 😄
Furthermore, version 1.2.3 (also available for Mac and Linux) includes other improvements:
Saved password can now be forgotten by deselecting the checkbox. [Windows/Mac]
WebDAV server keeps running after unlocking a vault even if mounting fails.
Log files don’t contain debug-level information per default anymore, added debug mode in settings.
What’s next?
We released CryptoFS in version 1.0.0, which is now ready to be integrated in our main application Cryptomator. The next minor release Cryptomator 1.3 will mainly include a “heart transplant” with the integration of CryptoFS. This is a requirement before we can integrate FUSE/Dokany, which is currently scheduled for version 1.4.
Cryptomator 1.2.0 Release
Cryptomator 1.2.0 for Windows, Mac, and Linux is out now!
New Features
On Windows and Mac you can now optionally save your password. This is a preparation for auto-unlock (GitHub Issue 40), one of the most wanted features we’re planning for the next minor release. Linux support will follow, as soon as we figured out a standard way to protect saved credentials across most distributions.
New migration screen preventing accidental migration.
Cryptomator for Mac will now appear in Dock + Application Switcher, when not minimized to the menu bar icon.
Fixes and Improvements
Improved speed of directory listing by using a deterministic cleartext size calculation.
Sadly, we had to drop file size obfuscation support. From this version onwards, there is a bijective function for calculating the cleartext size from the ciphertext size and vice versa.
We always strive to offer the best of both, security and usability. But sometimes we need to find a compromise in order to implement all the features, we’re planning for future releases. In the past, we needed to access the first few bytes of a file in order to determine the cleartext file size, which led to O(n) I/O activities with n being the number of files per directories. In this case, we decided in favor of O(1) directory listings, which is especially useful for large directory listings, file size determination via mobile devices, or slow internet connections.
File size obfuscation has never been a cryptographically effective protection against adversaries getting to know the approximate cleartext size. Anything the size of a movie remained the size of a movie and was most likely not mistaken for a text document. Nevertheless, we will miss you. R.I.P.
Cryptomator 1.2.0 for iOS
Added compatibility to vaults created with desktop version 1.2.0
Added file sizes to directory listing (only available for newly-created or migrated vaults)
Added “sort by date” in directory listing
Added filter capability in directory listing
Added favorite folders to file upload
Added sticker pack with Cryptobot for Messages (available for iOS 10)
Improved clean up of temporary files
Fixed upload of large files in iCloud Drive, Dropbox, and OneDrive
Fixed access of shared folders in OneDrive
Fixed directory listing that limited the number of files shown in Google Drive and OneDrive
Fixed last modified date in Google Drive
Fixed reauthentication of some cloud storage services
Cryptomator for Android
We are confident that we can inform you about a beta release in the next weeks. Stay tuned and thank you for your patience!
Security Fixes with 1.1.4 Update
Cryptomator 1.1.4 for Windows, OS X, and Linux fixes two (related) vulnerabilities allowing malicious Flash files being injected into vaults, that can be executed to “bypass” the SOP and access files from a Flash-enabled browser (GitHub Issues 318 & 319). Kudos to Lukas Reschke for reporting them!
Various bugs with Dropbox, Google Drive, Windows drive letters, the Windows Registry and WebDAV access on Linux were also fixed. A complete list of closed issues is available here.
What’s next?
We’re making progress with the Android app. If everything goes as planned, you can expect a first beta release next month. We’ll send out invitation links to those who have expressed interest in participating in the beta. Stay tuned!
We plan to improve the desktop app compatibility- and performance-wise by integrating FUSE/Dokany (PFM has been suggested instead of Dokany, we’re still evaluating this). Hopefully, we can launch a first beta with these major changes by the end of this year.
Due to these major development efforts we have been modularizing the cryptographic relevant libraries into cryptolib and cryptofs under the GPL license. In that way, it’s easier for us to use the same libraries across multiple apps and also for third parties to use them independent of our main application. These libraries aren’t final yet.
We haven’t planned our 1.2 milestone yet, but the has been highly requested and is probably the biggest contender right now. We hear you and we’d like to thank you for all your feedback! 😄
Cryptomator 1.1 Release
Cryptomator 1.1 for Windows, OS X, and Linux is out now! We’ve added a password strength indicator and sync conflicts are now being detected.
What’s New:
Password Strength Indicator: Based on Dropbox’s zxcvbn. Kudos to Jean-Noël Charon (jncharon on GitHub) for implementing this feature.
Sync Conflict Resolution: When editing a file on multiple devices simultaneously, version conflicts are inevitable. Dropbox, Google Drive, etc. can detect these conflicts and will provide all versions of the affected file. From now on Cryptomator will transparently pass detected conflicts right to the decrypted drive to ensure no version gets lost.
Several small tweaks and fixes.
We’ve also released Cryptomator 1.1 for iOS recently. WebDAV support is finally here! Encrypt your files in cloud storage services like ownCloud, HiDrive, MagentaCLOUD, STACK, blaucloud, and many more.
What’s New:
Added WebDAV support.
Downloads and uploads continue while the app is in the background.
Improved Google Drive integration, using their newest APIs.
Fixed missing fullscreen button when viewing videos on iPad.
Several bug fixes and UI optimizations.
What about Android?
We started implementing a prototype of the Android app and will keep you updated shortly! Stay tuned. 😄
