Cyberduck Mountain Duck CLI

Version 14 (modified by yla, on Jan 9, 2017 at 11:56:47 AM) (diff)

--

Cyberduck Help / Howto / Cryptomator

Support for client side encryption with Cryptomator interoperable vaults.

The Cyberduck encryption feature is based on the excellent concepts and work of Cryptomator. Cryptomator is free and open source software. Since Cyberduck is also open source software anyone is able to audit the source code. No security by obscurity, no hidden backdoors from third parties, no need to trust anyone except yourself.

Encryption Security Architecture

Filename Encryption

TBD.

File Content Encryption

TBD.

Create new Vault

Choose File → New Vault… to create a new vault.

Important: The passphrase for the vault cannot be changed later. Make sure to use a strong passphrase where the password strength indicator is fully green.

A backup of the master key file (masterkey.cryptomator) is saved in user defaults. The encrypted key in masterkey.cryptomator is not more sensitive than the encrypted files in the vault. For technical aspects, refer to Masterkey Derivation.

Unlock Vault

When opening a directory in the browser that is a Cryptomator vault, a prompt is displayed to unlock the vault using the provided passphrase and decrypt the directory and filenames. If you cancel the prompt, the encrypted vault content is displayed.

Save Passphrase

You can check Add to Keychain to save the passphrase to open the vault with the master key file in your login keychain. The checkbox is disabled by default.

Browser

You can open and browse multiple vaults on a server in a single browser window. For each vault to be opened you will be prompted your passphrase to decrypt the filenames. Decrypted filenames when browsing a vault will show a padlock overlay icon.

References

swiss made software