We’re happy to announce the release of Cryptomator 1.10.0. π Let’s dive into what this new release has to offer!
Expert Settings During Vault Creation
We understand that expert users desire more control and would like to override some default values in the vault configuration file. That’s why the new version brings the addition of expert settings during vault creation. For now, you can set the maximum length of encrypted file names. This feature ensures that Cryptomator adapts to the peculiarities of various cloud storage systems. π οΈ
Proper Tray Menu Support on Linux
A huge shoutout to Ralph (purejava on GitHub) for his open-source contribution once again! π Thanks to his efforts, we now have proper tray menu support with AppIndicator integration. It’s yet another step towards making Cryptomator feel native and fluid for Linux users.
AArch64 Build for AppImage
Good news for Linux users on AArch64 architectures! π Cryptomator 1.10.0 includes an AArch64 build for AppImage. With this addition, we’re expanding our reach and welcome more Linux users.
Improved Error Dialog
Encountering an error can be frustrating π, especially when you’re not sure what to do next. We’ve redesigned our error dialog to focus on solutions. Now, when you run into an error, the dialog will guide you to a potential solution if it exists in our error database. This enhancement aims to make troubleshooting more user-friendly and efficient. β
Refreshed macOS App Icon
Mac users, we haven’t forgotten about you! π Aesthetics matter, and with this update, Cryptomator boasts a brand-new app icon for macOS. How do you like Cryptobot in a squircle?
Conclusion
Cryptomator 1.10.0 brings a mix of enhancements and several bug fixes to ensure a smoother user experience. As always, your feedback is welcome. For a detailed list of all changes, please check out the release notes.
Thank you for your continued support and trust in Cryptomator. β€οΈ Update to 1.10.0 now and let us know what you think!
Happy crypting! π
Cryptomator 1.7.0: What You Need to Know
If you’re subscribed to our releases on GitHub, this is already old news for you: We have released the first beta of the upcoming Cryptomator 1.7.0! It contains a lot of internal changes and a bunch of new features, some of which are almost as old as Cryptomator itself.
We are very proud of this release, as it eliminates technical debt, delivers long-awaited features, and prepares Cryptomator Desktop for the future. But putting aside about 3,000 lines of code changes and a 4-month development iteration (not counting work in our libraries), let’s dive into this release to see what you, the user, will get out of it.
Locate Encrypted File
As already mentioned, Cryptomator 1.7.0 includes a feature that has been requested for a very long time: Locating the encrypted counterpart of a file. Sounds complex, but once you remember that Cryptomator encrypts filenames and obfuscates the directory structure (see our docs), it is easy to understand.
Prior to 1.7.0, you had to guess which encrypted file corresponds to which cleartext file based on the exact timestamps. Now, once the vault is unlocked, the encrypted counterpart of any file in the vault can be revealed by clicking on the “Locate Encrypted File” button and selecting a file in the vault. Or you can simply drag and drop the files from your vault onto this button. See for yourself in this short video:
Experimental Support for FUSE-T
On macOS, Cryptomator can use two different technologies to integrate your vault into the system: macFUSE and WebDAV. Unfortunately, the WebDAV implementation on macOS is not the most reliable one. Starting with Apple Silicon Macs, it became unusable for some users who reported system freezes. To make matters worse, macFUSE, which has been the preferred option for at least 3 years, is also on its last legs. Apple has deprecated the OS APIs used by macFUSE since macOS 12.3.
For the past year, we have been desperately searching for an alternative. Our proof of concept using Apple’s File Provider framework was not very convincing and would basically require a whole new architecture. Fortunately, you, our community, informed us about an alternative: FUSE-T.
FUSE-T is a young project that does not rely on deprecated macOS APIs and can be used as a drop-in-replacement for macFUSE. It requires a much less deep system integration than macFUSE while offering a similar performance. This makes Cryptomator ready for the medium-term future on macOS. But since FUSE-T is quite young, support for it is experimental for now. We encourage you to try it though!
So, while the File Provider extension is not out of our sight, we are relieved to be able to offer you a stable system integration of your Cryptomator vaults.
Volume Types Overhaul
Looking at the screenshot above, you might have noticed: The volume types have changed, too. That’s right, and that’s because we rewrote the entire volume type selection and internal wiring logic. It was a huge development effort, but it resulted in a less complex and easier to maintain architecture under the hood. It also resulted in more options for you.
More Options
The old implementation basically offered 3 (or 2) options: WebDAV, Dokany, and FUSE. Now, specialized implementations are offered for each OS. For example, on Windows you can select between WinFsp, WinFsp (Local Drive), Dokany, WebDAV (Windows Explorer) and WebDAV (Fallback).
But don’t worry, this selection is only important if you have special requirements for the virtual drive. Otherwise, Cryptomator has a new “Automatic” option and is set up to choose the best suited option for you, and you don’t need to worry about it.
We have even added an emergency option: The aforementioned “WebDAV (Fallback)”. If you can’t mount your vault at all, it makes your vault accessible via a local-only server using the web standard WebDAV. We’ll have a guide describing this in more detail soon.
WinFsp Change: Local vs. Network Drive
Windows users may notice that their vault is now mounted as a network drive by default. This has the advantage of better performance when listing large directories. The disadvantage is that it cannot be mounted into a directory. Accessing the vault as a privileged user is still possible by using the UNC path.
If you really need a local drive, you can always change the volume type in the preferences.
Dokany Deprecation
With the release of Cryptomator 1.7.0, we will officially deprecate Dokany support.
Dokany, like FUSE, provides a file system interface to mount virtual drives without requiring elevated privileges. We started supporting Dokany 3 years ago with version 1.4.0. But things didn’t go as smoothly with the Dokany volume as we had hoped, so we decided to focus our development efforts on a single file system interface. All Dokany-related issues on GitHub will be closed, and our general recommendation is to use WinFSP which comes with the EXE installer of Cryptomator. You will still be able to use Dokany, but it won’t get any updates and support will eventually be removed.
It was a great time, and we wish the Dokany project all the best!
Linux AArch64 Builds
With Cryptomator 1.7.0, we’ll finally ship AArch64 builds of Cryptomator via Flatpak and PPA.
One big obstacle was the aforementioned FUSE file system API on Linux. We were using a rather old project to build the bridge between Cryptomator and FUSE. Thanks to a fantastic development effort started by our lead architect, we now use state-of-the-art technology to implement this bridge. The result is bundled in the library called jFUSE. Not only were we able to change the bridge, we were also able to update to a new major version of FUSE and pave the way to support features like extended attributes.
The AppImage is still x86_x64 only, but we plan to deliver it also in AArch64 architecture eventually.
AES-GCM: New Default for Content Encryption
Starting with Cryptomator 1.7.0, newly created vaults will use AES-GCM instead of AES-CTR+HMAC for file content encryption.
Nowadays, almost all non-embedded devices offer hardware acceleration of the Galois/Counter Mode of operation, so encryption and decryption should be significantly faster than in the old mode of operation. The support in our underlying cryptographic library cryptolib was already added in June 2021 with version 2.0.0. But instead of jumping the gun, we gave it a proper testing period and are now confident to ship this improvement to you.
Of course, our mobile apps also support AES-GCM, although vaults created in iOS or Android will continue to use AES-CTR+HMAC for the time being. The mobile apps are scheduled to switch in their next minor release.
You can continue to use your existing vaults as before. There are no vault upgrades and there is no action required on your part. Cryptomator will support both modes of operation.
Cryptomator 1.6.7 Release: Major Changes on Windows
Hello Community!
The last blog post is already a while ago. We hope you’re all doing fine. Cryptomator 1.6.7 for Desktop is out now and let’s explore the changes together since it’s more than just a “patch”! The update contains some noteworthy changes, especially for Windows users.
New Installer
With Cryptomator 1.6.0, instead of delivering a “regular” executable for installation, we provided a Windows Installer package to allow easier scripted deployment of Cryptomator. But this approach also had drawbacks: We couldn’t bundle third-party drivers (i.e., Dokany) leading to inferior user experience.
These dire times are over! When you head over to downloads and select Windows, you’re getting an executable again that bundles the MSI installer as well as additional dependencies. Furthermore, it supports command-line parameters (e.g., /quiet). For a complete list, run the installer with the /? parameter.
If you want to download the “pure” MSI installer without dependencies, it’s also available on the downloads site or head over to the release on GitHub.
New Default VFS Driver (Virtual Volume)
As already mentioned, the new EXE installer can include dependencies again, so we added one right from the start: WinFsp.
This decision is mainly based on the long-term maintenance effort. The integration of a vault into the OS currently supports WebDAV (legacy), Dokany (Windows), and FUSE (all systems). FUSE support (provided by WinFSP) on Windows is now available for quite a while and feedback was very promising. The time has come to make this the default choice so we can focus on a common code base.
WebDAV and Dokany will remain part of Cryptomator, should you prefer it in your individual setup. Please note that Dokany 2.x is not yet supported and our existing Dokany 1.x glue code requires a migration.
There are some known issues with WinFsp though:
If you are logged in to Windows via an AzureAD account, vaults can only be accessed read-only.
Access with the admin rights is only possible when the vault is mounted into a directory (as opposed to a drive letter).
If you aren’t affected by any of these issues, we encourage you to use WinFsp/FUSE.
Those were the two major changes you should know about. For all changes, have a look at the changelog.
We hope you are enjoying this Cryptomator update.
Cryptomator 1.6.0: What You Need to Know
Hello Community!
In this blog post, we’d like to give you some news about the upcoming major update of Cryptomator to version 1.6.0.
We’ll be highlighting the most significant changes and new features and make sure that you are ready for the update.
Changes and Features
The two most important changes are the usage of a new vault format (version 8) and a long promised integration of the Sanitizer (now called Vault Health Check).
For a more complete list, read the release page of Cryptomator.
Auto Lock
A feature already wished in its earliest days will be present: Auto Lock β the automatic locking of a vault.
For every vault you can set up an idle timer after which the vault is automatically locked.
If any write or read happens during the time span, the timer is reset.
Redesigned Error Dialog
After a lot of indirect feedback from you about the error dialog, we decided to change its design to fit more of your needs.
The most obvious and important change is the new error code.
It might be as cryptic as the already existing stack trace, but it speeds up the search for solutions or workarounds for your specific problem in our error code database.
Along with the error code the dialog also provides links to quickly query the database.
And if the error is not yet known, it’ll make it easier for you to report it in a format that helps us understand the problem.
Vault Format 8
The big change behind the scenes is a new vault format.
Starting with 1.6.0, it will be used by default and enforced.
The new format prepares Cryptomator for future features and corrects inconsistencies in former versions.
For more details, check out the more-in-depth article about it.
Vault Health Check
We added an integrated tool to detect and fix structural problems of a vault (e.g., missing directories).
Until Cryptomator 1.5.0, this task was done by the so-called Sanitizer. But the tool was hard to maintain and hard to use so that it was abandoned with the goal to integrate similar functionality directly within Cryptomator.
This plan finally bore fruit into a workflow to perform different checks on a vault to detect common problems.
The results are shown on the fly and once the check is finished, you can export the results.
For 1.6.0, there will be only three checks to execute, but we plan to add more.
But keep in mind that the Health Check is not designed as a magical fix-all-tool.
If you are encountering problems with a vault, make sure that the vault files are properly synchronized before running this tool.
That said, of course, we appreciate feedback about it regarding usability and functionality.
Plugin API
Cryptomator is now able to load plugins from a dedicated plugin directory.
In the long run, this allows integrating third party services, e.g. enter password via password manager.
The feature is still experimental and might change over time.
A first plugin is already available: A KeePassXC integration developed by PureJava. You can download it here.
Update Guide
In general, you should update, because you not only benefit from new features, but also from bug fixes.
Still, you might consider to delay the update, because Cryptomator 1.6.0 enforces the new format, i.e. old vaults need to be migrated in order to unlock them, and once a vault is migrated, older desktop versions wonβt be able to open it.
Of course, and as always, Cryptomator provides a migration from older formats to version 8.
But to perform it, the app needs write access to the vault files (configuration files and encrypted data).
Details about the migration can be found in the vault format 8 article.
β
You should wait with the update, if
you cannot update all Cryptomator apps (desktop and mobile)
you don’t have write access to all the vaults you use.
When you decide to update, there is one last issue you need to check beforehand:
If you ever manually altered the setting file filenameLengthLimit for a vault in the settings.json file, these modifications will be lost after the update and will be ignored if simply copied back.
A guide to migrate in this setting will be published soon.
