
#10352 closed defect (fixed)

Not using cryptomator vault

Reported by: dennis
Owned by: dkocher
Priority: high
Milestone: 7.0.2
Component: cli
Version: 6.5.0
Severity: normal
Keywords: cli cryptomator google drive
Cc:
Architecture:

Description (last modified by dkocher)

I use Google Drive, Cryptomator and duck CLI.

It is very random when I am prompted for my Vault password. When I am not being prompted the files are just uploaded unencrypted to Google Drive.


duck --mkdir googledrive://My%20Drive/Vault/Folder

This will create an unencrypted folder.

duck --upload googledrive://My%20Drive/Vault/ /home/user/folder/

This will ask for the Vault password and will upload encrypted.

duck --upload googledrive://My%20Drive/Vault/Folder /home/user/folder/

This will not ask for the password and will upload the files unencrypted. (Even if the folder was created by the Cryptomator app or e.g. Cyberduck for Windows)

It is very unstable and uploading files unencrypted when expecting them to be encrypted is a problem.

Running on Ubuntu 14.04

Change History (11)

comment:1 Changed on Jun 7, 2018 at 6:59:47 AM by dkocher

  • Milestone set to 7.0
  • Owner set to dkocher
  • Status changed from new to assigned

comment:2 Changed on Jun 21, 2018 at 7:49:22 AM by dkocher

  • Description modified (diff)

comment:3 Changed on Dec 3, 2018 at 2:16:05 PM by dkocher

  • Summary changed from Cyberduck CLI not using cryptomator vault to Not using cryptomator vault

comment:4 Changed on Dec 29, 2018 at 7:50:10 PM by sebastian

  • Cc added

I did some tests using the file:// protocol (it's great to have this kind of a loopback!) and could reproduce a case of not using cryptomator vault when trying to create a new folder inside a vault:

root@c0072497ea82:/# duck --version
Cyberduck 6.8.3 (29107). Not registered. Purchase a donation key to support the development of this software.

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator

root@c0072497ea82:/# duck --verbose --mkdir file:///mnt/hostdata/CryptomatorVault/folder_in_vault
Login successful…

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
drwxrwxrwx 2 root root   0 Dec 29 19:29 folder_in_vault
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator

The new folder was created inside the vault-folder, not the vault itself.

comment:5 Changed on Dec 29, 2018 at 8:05:42 PM by sebastian

Another case of not using cryptomator vault happens when listing directories inside a vault:

root@c0072497ea82:/# touch /mnt/hostdata/CryptomatorVault/x.txt

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator
-rwxr-xr-x 1 root root   0 Dec 29 19:54 x.txt

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/
Login successful…
drwxrwxrwx      Dec 29, 2018 7:23:58 PM         d
Unlock Vault. Provide your passphrase to unlock the Cryptomator Vault “CryptomatorVault“.

-rwxr-xr-x      Dec 29, 2018 7:26:18 PM         test.txt

Note that the folder d, that is an internal structure of the vault, is displayed while the file x.txt is not. test.txt is correctly displayed because it is a file inside the vault.

It appears that the CLI treats the folder to be listed as a normal folder and lists its contents until it finds a masterkey.cryptomator at which point it asks for the password and treats the folder as a vault. It should rather check at first whether the folder is a vault, e.g. whether it contains a masterkey.cryptomator.

comment:6 Changed on Dec 29, 2018 at 8:44:46 PM by sebastian

Related to the one above, but slightly different: (I created the folder FolderInVault inside the vault using the Cyberduck GUI.)

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/FolderInVault/
Login successful…
Listing directory FolderInVault failed. /mnt/hostdata/CryptomatorVault/FolderInVault.
Please contact your web hosting service provider for assistance.

root@c0072497ea82:/# mkdir /mnt/hostdata/CryptomatorVault/FolderOutsideOfVault

root@c0072497ea82:/# touch /mnt/hostdata/CryptomatorVault/FolderOutsideOfVault/FileOutsideOfVault.txt

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/FolderOutsideOfVault
Login successful…
-rwxr-xr-x      Dec 29, 2018 8:27:20 PM         FileOutsideOfVault.txt

It appears the CLI only checks the last directory (FolderInsideVault or FolderOutsideOfVault respectively). It should however check every directory starting with the root directory.

Note that the issue shown here also affects up- and downloads, when operating on an object inside a vault. So while the CLI can --download a whole vault, it can not download only a certain folder from a vault.
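
The check proposed in comments 5 and 6, sketched for local (file://) paths as an added example; it is not part of the ticket comments and not Cyberduck's code. The function names and the sample layout are constructed for illustration, and the only assumption is that a vault root is marked by a masterkey.cryptomator file.

```shell
#!/bin/sh
# Added example, not Cyberduck code. Assumption: a vault root is the directory
# that holds masterkey.cryptomator, as in the listings above.

# Print the first directory on the way from / to the target that is a vault
# root. Exit status: 0 found, 1 no vault on the path, 2 bad argument.
# Path components need not exist on disk: names inside a vault are virtual.
find_vault_root() (
    target=$1
    case $target in
        /*) ;;
        *) echo "find_vault_root: absolute path required" >&2; exit 2 ;;
    esac
    IFS=/      # split the path into components
    set -f     # no globbing while splitting
    prefix=
    for part in $target; do
        case $part in
            ''|.) continue ;;
            ..) echo "find_vault_root: '..' not supported" >&2; exit 2 ;;
        esac
        prefix=$prefix/$part
        if [ -f "$prefix/masterkey.cryptomator" ]; then
            printf '%s\n' "$prefix"
            exit 0
        fi
    done
    exit 1
)

# Constructed sample layout modelled on the listings in comments 4 to 6.
make_sample_layout() {
    base=$(mktemp -d) && base=$(cd "$base" && pwd) || return 1
    mkdir -p "$base/CryptomatorVault/d" "$base/CryptomatorVault/FolderOutsideOfVault" "$base/Plain/sub"
    : > "$base/CryptomatorVault/masterkey.cryptomator"
    printf '%s\n' "$base"
}

base=$(make_sample_layout)
for p in CryptomatorVault CryptomatorVault/FolderInVault CryptomatorVault/FolderOutsideOfVault Plain/sub; do
    if root=$(find_vault_root "$base/$p"); then
        echo "$p: inside vault $root, unlock before any transfer"
    else
        echo "$p: no vault on path"
    fi
done
rm -rf "$base"
```

A wrapper script can call find_vault_root before a transfer and stop when a vault is found on the path but has not been unlocked, so that nothing is written in plaintext below a vault directory.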

comment:7 Changed on Feb 15, 2019 at 1:47:43 PM by dkocher

  • Resolution set to duplicate
  • Status changed from assigned to closed

Duplicate for #10566.

comment:8 Changed on Jul 5, 2019 at 12:19:07 PM by dkocher

  • Milestone changed from 7.0 to 7.1

comment:9 Changed on Jul 5, 2019 at 12:19:15 PM by dkocher

  • Resolution duplicate deleted
  • Status changed from closed to reopened

comment:10 Changed on Jul 22, 2019 at 1:04:59 PM by dkocher

  • Milestone changed from 7.1 to 7.0.2
  • Resolution set to fixed
  • Status changed from reopened to closed

In r47305. We have introduced an explicit argument to reference the vault. Use --vault /home/folder/vault/ in conjunction with --upload to unlock the vault prior to an upload.

comment:11 Changed on Jul 22, 2019 at 1:07:02 PM by dkocher

Documentation added in Cryptomator.
