Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not using cryptomator vault #10352

Closed
cyberduck opened this issue Jun 7, 2018 · 6 comments
Closed

Not using cryptomator vault #10352

cyberduck opened this issue Jun 7, 2018 · 6 comments
Assignees
@dkocher
Labels
bug cli Command Line Interface fixed high priority
Milestone
7.0.2

Comments

@cyberduck
Copy link
Collaborator

561aead created the issue

I use Google Drive, Cryptomator and duck CLI.

It is very random when I am prompted for my Vault password. When I am not being prompted the files are just uploadet unencryptet to Google Drive.

Examples:

duck --mkdir googledrive://My%20Drive/Vault/Folder

This will create an unencrypted folder.

duck --upload googledrive://My%20Drive/Vault/ /home/user/folder/

This will ask for the Vault password and will upload encrypted.

duck --upload googledrive://My%20Drive/Vault/Folder /home/user/folder/

This will not ask for the password and will upload the files unencrypted. (Even if the folder was created by the Cryptomator app or eg. Cyberduck for Windows)

It is very unstable and uploading files unencrypted when expecting them to be encrypted is a problem.

Running on Ubuntu 14.04
@cyberduck
Copy link
Collaborator Author

9ebe7cf commented

I did some tests using the file:// protocol (it's great to have this kind of a loopback!) and could reproduce a case of not using cryptomator vault when trying to create a new folder inside a vault:

root@c0072497ea82:/# duck --version
Cyberduck 6.8.3 (29107). Not registered. Purchase a donation key to support the development of this software.

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator

root@c0072497ea82:/# duck --verbose --mkdir file:///mnt/hostdata/CryptomatorVault/folder_in_vault
Login successful…

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
drwxrwxrwx 2 root root   0 Dec 29 19:29 folder_in_vault
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator

The new folder was created inside the vault-folder, not the vault itself.

@cyberduck
Copy link
Collaborator Author

9ebe7cf commented

Another case of not using cryptomator vault happens when listing directories inside a vault:

root@c0072497ea82:/# touch /mnt/hostdata/CryptomatorVault/x.txt

root@c0072497ea82:/# ls -l /mnt/hostdata/CryptomatorVault/
total 1
drwxrwxrwx 2 root root   0 Dec 29 19:23 d
-rwxr-xr-x 1 root root 327 Dec 29 19:23 masterkey.cryptomator
-rwxr-xr-x 1 root root   0 Dec 29 19:54 x.txt

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/
Login successful…
drwxrwxrwx      Dec 29, 2018 7:23:58 PM         d
Unlock Vault. Provide your passphrase to unlock the Cryptomator Vault “CryptomatorVault“.
Passphrase:

-rwxr-xr-x      Dec 29, 2018 7:26:18 PM         test.txt

Note that the folder d, that is an internal structure of the vault, is displayed while the file x.txt is not. test.txt is correctly displayed because it is a file inside the vault.

It appears that the CLI treats the folder to be listed as a normal folder and lists its contents until it finds a masterkey.cryptomator at which point it asks for the password and treats the folder as a vault. It should rather check at first whether the folder is a vault, e.g. whether it contains a masterkey.cryptomator.

@cyberduck
Copy link
Collaborator Author

9ebe7cf commented

Related to the one above, but slightly different:
(I created the folder FolderInVault inside the vault using the Cyberduck GUI.)

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/FolderInVault/
Login successful…
Listing directory FolderInVault failed. /mnt/hostdata/CryptomatorVault/FolderInVault.
Please contact your web hosting service provider for assistance.

root@c0072497ea82:/# mkdir /mnt/hostdata/CryptomatorVault/FolderOutsideOfVault

root@c0072497ea82:/# touch /mnt/hostdata/CryptomatorVault/FolderOutsideOfVault/FileOutsideOfVault.txt

root@c0072497ea82:/# duck --longlist file:///mnt/hostdata/CryptomatorVault/FolderOutsideOfVault
Login successful…
-rwxr-xr-x      Dec 29, 2018 8:27:20 PM         FileOutsideOfVault.txt

It appears the CLI only checks the last directory (FolderInsideVault or FolderOutsideOfVault respectively). It should however check every directory starting with the root directory.

Note that the issue shown here also affects up- and downloads, when operating on an object inside a vault. So while the CLI can --download a whole vault, it can not download only a certain folder from a vault.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Duplicate for #10566.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

In b5061fd. We have introduced an explicit argument to reference the vault. Use --vault /home/folder/vault/ in conjunction with --upload to unlock the vault prior an upload.

@cyberduck
Copy link
Collaborator Author

@dkocher commented

Documentation added in Cryptomator.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@dkocher dkocher

Labels
bug cli Command Line Interface fixed high priority
Projects
None yet
Milestone
7.0.2
Development

No branches or pull requests
2 participants
@dkocher @cyberduck