Cryptomator

Cryptomator is used for encrypted storage of data in the cloud (e.g. on our Seafile servers).


It creates a separate drive that can be worked on locally (usage folder). In the background, Cryptomator encrypts the individual files and stores them under encrypted file names in a directory to be specified during installation (synchronisation folder). The encrypted file versions can be synchronized to the cloud via the usual cloud storage clients.

Initial setup of Cryptomator with Seafile as cloud storage

For the initial setup of Cryptomator please install Seafile on your computer and establish the connection. How to do that is described here for Cloudseafile and here for the project repository.


After that, create an empty folder (synchronisation folder) inside Seafile and synchronize it with your computer.

Important: Never store data in this synchronisation folder yourself. Doing so can interfere with Cryptomator, and the data will not be encrypted. Instead, this folder should be managed by Cryptomator, which places the encrypted data there.

The encrypted data is accessed through another folder (usage folder), which is generated by Cryptomator as an unencrypted "view" of the data and must exist only locally on your computer.

  • Note, just in case it's needed: synchronize single folder

    If you do not want to synchronize all folders from a Seafile library: Open a library in Seafile in its internal file browser. Now right-click on the folder you want to synchronize and select "Synchronize Folder".
  • Instruction: Creation of a container

    Install Cryptomator. Installation files can be downloaded from the manufacturer's website.

    Container creation

    Open Cryptomator and click on "+ Add vault".
    Click on "Create new vault".
    Assign a name for the vault. In this example: "Test-Tresor".
    Click the radio button next to "My Place" and then click "Browse...".
    Select the empty synchronization folder that you already synchronize with your computer via Seafile.
    Click on "Next".
    Assign a good password for this vault. For example, 20 randomly chosen characters or 6 really randomly chosen words are considered safe. This password (and recovery key) must NOT be stored in Seafile or anywhere else online. Exception: The password has been stored in a password manager (e.g. a KeePassXC file on Seafile) and protected with a password at least as good that has NOT been stored online.

Usage

  • Importing a synchronization folder on another PC

    To use a synchronization folder that already exists in Seafile on another PC, it must be synchronized with this PC via the Seafile client.

    Then add the synchronization folder, which now exists both on your computer and in Seafile and is kept synchronized with the Seafile client, to Cryptomator as a vault as described above.

    To open the vault and thus create the usage folder, proceed as follows:

  • How to open a vault
    On the page, select the vault you want to unlock and click "Unlock..."
    Enter the required password.
    A virtual drive is now created, in this example F:\. This is the usage folder. Data you store in it is saved in encrypted form in the synchronization folder in Seafile. You can recognize the freshly created folder by a WELCOME.rtf file.
  • Management of the synchronization folder encrypted with Cryptomator

    Cryptomator reads the unencrypted data that you store on your computer inside the usage folder and writes it, encrypted, to the synchronization folder that is synchronized with the cloud.


    In the case of the synchronization folder, note the following:

    • Only this folder is encrypted. You must not sync the unencrypted usage folder (where you can access the files) with Seafile or any other cloud.
    • You must not put files in the synchronization folder on your own, because they will go to the cloud unencrypted.
    • If you delete data in the synchronization folder, you destroy the data stored there and thus the usable view on it in the usage folder.
    • The data in the synchronization folder takes some time to get to the (Seafile) cloud. Therefore, after making changes to the usage folder, make sure that the encrypted data generated from it and stored in the synchronization folder has been uploaded into the cloud. This is the case if the cloud synchronization program (Seafile) does not show any synchronization in progress.
    This is the synchronization folder with the (Seafile) cloud connection. Do not store any data here yourself, because it will be stored unencrypted. Do not delete anything here either, because the encrypted data will then be lost. An IMPORTANT.rtf file provides brief information about these risks.
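
One way to check the rule above, as an added example that is not part of the original instructions or of Cryptomator itself: this Python script lists files in a vault directory that Cryptomator did not create and that therefore sit in the synchronization folder unencrypted. It assumes the layout of Cryptomator's vault format 8 (`vault.cryptomator`, `masterkey.cryptomator` and their `.bkup` copies, `IMPORTANT.rtf`, and `.c9r`/`.c9s` entries below `d/`), which this page does not describe; `find_foreign_files` and `build_sample` are names chosen here.

```python
import re
import tempfile
from pathlib import Path

# Assumption: Cryptomator vault format 8 layout (not described on this page).
ROOT_FILES = re.compile(
    r"^(vault\.cryptomator|masterkey\.cryptomator|IMPORTANT\.rtf"
    r"|(vault|masterkey)\.cryptomator\.\w+\.bkup)$"
)
DATA_SUFFIXES = {".c9r", ".c9s"}  # encrypted entries stored below d/


def find_foreign_files(vault_dir):
    """Return sorted relative paths of files that Cryptomator did not create."""
    vault = Path(vault_dir)
    foreign = []
    for path in vault.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(vault)
        if len(rel.parts) == 1:
            ok = bool(ROOT_FILES.match(rel.name))      # vault root
        else:
            ok = rel.parts[0] == "d" and path.suffix in DATA_SUFFIXES
        if not ok:
            foreign.append(rel.as_posix())
    return sorted(foreign)


def build_sample(root, with_foreign=True):
    """Constructed sample: a vault skeleton, optionally with two hand-copied files."""
    root = Path(root)
    sub = root / "d" / "AB" / "CDEFGHIJKLMNOPQRSTUVWXYZ234567"
    sub.mkdir(parents=True)
    for name in ("vault.cryptomator", "masterkey.cryptomator",
                 "masterkey.cryptomator.1A2B3C4D.bkup", "IMPORTANT.rtf"):
        (root / name).write_bytes(b"")
    for name in ("dirid.c9r", "kX3v0aQ9.c9r"):
        (sub / name).write_bytes(b"")
    if with_foreign:
        (root / "report.docx").write_bytes(b"plaintext")  # copied in by hand
        (sub / "notes.txt").write_bytes(b"plaintext")     # copied in by hand
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel in find_foreign_files(build_sample(tmp)):
            print("not a Cryptomator file (uploaded unencrypted):", rel)
```

Point `find_foreign_files` at the directory that contains `vault.cryptomator`; an empty result means only Cryptomator-managed files were found there.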

Troubleshooting

  • Mounting in the file system on Linux does not work.

    Examples of error messages:

    • Error Code GH1B:GH1B:4DUP

      org.cryptomator.integrations.mount.MountFailedException: Mounting failed

    • Error Code QPDR:EB5G:EB5G

      org.cryptomator.integrations.mount.MountFailedException: Mount succeeded, but failed to determine mount point within dir: /run/user/104449/gvfs#

    • Error Code 6HCL:2GTN:8714

      org.cryptomator.integrations.mount.MountFailedException: org.cryptomator.jfuse.api.FuseMountFailedException: fuse_mount failed

    Possible solution: The fuse3 package is not installed on your Linux system. Install it or ask your IT department.

    • Example for Ubuntu 20.04
      • sudo apt install fuse3

    After that, go to the settings in Cryptomator (click the gear icon) and then to the "Virtual Drive" tab. There select drive type "FUSE".

  • Linux: Error message "The socket is not connected".

    Symptoms:

    • The error message "The socket is not connected" appears when you try to access the unencrypted folder on the command line.
    • Cryptomator displays an error message on Linux that the folder set cannot be used for mounting.

    Solutions:

    • Option 1: Restart the computer.
    • Option 2 (requires admin rights): Force the release of the corresponding folder with
      • sudo umount -f <the corresponding folder>
  • Linux: Already used folder cannot be used for mounting.

Contact

IT Security
Security team