Cryptomator

Cryptomator is used for encrypted storage of data in the cloud (e.g. on our Seafile servers).

It creates a separate drive that can be worked on locally (usage folder). In the background, Cryptomator encrypts the individual files and stores them under encrypted file names in a directory to be specified during installation (synchronisation folder). The encrypted file versions can be synchronized to the cloud via the usual cloud storage clients.

Initial setup of Cryptomator with Seafile as cloud storage

For the initial setup of Cryptomator please install Seafile on your computer and establish the connection. How to do that is described here for Cloudseafile and here for the project repository.

After that, create an empty folder (synchronisation folder) inside Seafile and synchronize it with your computer.

Important: You must never store data in this synchronisation folder on your own, because it can interfere with Cryptomator and also it will not be encrypted. Instead, this folder should be managed by Cryptomator, which places the encrypted data there.

The encrypted data is accessed through another folder (usage folder), which is generated by Cryptomator as an unencrypted "view" of the data and must exist only locally on your computer.

Note, just in case it's needed: synchronize single folder

Note, just in case it's needed: synchronize single folder

If you do not want to synchronize all folders from a Seafile library: Open a library in Seafile in its internal file browser. Now right-click on the folder you want to synchronize and select "Synchronize Folder".
Instruction: Creation of a container

Install Cryptomator. Installation files can be downloaded from the manufacturer's website.

Container creation

Open Cryptomator and click on "+ Add vault".

Click on "Create new vault".

Assign a name for the vault. In this example: "Test-Tresor".

Click the radio button next to "My Place" and then click "Browse...".

Select the empty synchronization folder that you already synchronize with your computer via Seafile.

Click on "Next".

Assign a good password for this vault. For example, 20 randomly chosen characters or 6 really randomly chosen words are considered safe. This password (and recovery key) must NOT be stored in Seafile or anywhere else online. Exception: The password has been stored in a password manager (e.g. a KeepassXC file on Seafile) and protected with a password at least as good that has NOT been stored online.

Usage

Importing a synchronization folder on another PC

To use a synchronization folder that already exists in Seafile on another PC, it must be synchronized with this PC via the Seafile client.

Then add the synchronization folder, which now exists both on your computer and in Seafile and is kept synchronized with the Seafile client, to Cryptomator as a vault as described above.

To open the vault and thus create the usage folder, proceed as follows:
How to open a vault

On the page, select the vault you want to unlock and click "Unlock..."

Enter the required password.

Now a virtual drive is created, in this example F:\. This is the usage folder. In this you can now store your data and these are stored encrypted in Seafile in the synchronization folder. You can recognize the freshly created folder by a WELCOME.rft file.
Management of the synchronization folder encrypted with Cryptomator
Cryptomator loads and writes the unencrypted data that is stored on your computer inside the usage folder, encrypted, to the synchronization folder that is synchronized with the cloud.

In the case of the synchronization folder, note the following:

Only this folder is encrypted. You must not sync the unencrypted usage folder (where you can access the files) with Seafile or any other cloud.

You must not put files in the synchronization folder on your own, because they will go to the cloud unencrypted.

If you delete data in the synchronization folder, you destroy the data stored there and thus the usable view on it in the usage folder.

The data in the synchronization folder takes some time to get to the (Seafile) cloud. Therefore, after making changes to the usage folder, make sure that the encrypted data generated from it and stored in the synchronization folder has been uploaded into the cloud. This is the case if the cloud synchronization program (Seafile) does not show any synchronization in progress.
This is the synchronization folder with (Seafile) cloud connection. Do not store any data here yourself, because it will be stored unencrypted. And also none are to be deleted, because then the encrypted data will be lost. An IMPORTANT.rtf provides brief information about these risks.
Avoidance of collisions/conflicts

If two users are working on one and the same file in their own usage folder of one and the same synchronization folder, conflicts may arise. In such a case, two different versions of one and the same file are created, both of which are stored in Cryptomator.

To avoid collisions (also known as conflicts), office programs such as Microsoft Office or LibreOffice create a so-called lock file that locks the file currently being edited for other users. To ensure that this file is also transferred before the file to be edited is opened, automatic synchronization should be activated in the Seafile client program before each use of a file protected with Cryptomator.

If a collision/conflict does occur, it can be detected and resolved as described in the Troubleshooting section.

Troubleshooting

Mounting in the file system on Linux does not work.
Examples of error messages:

Error Code GH1B:GH1B:4DUP

org.cryptomator.integrations.mount.MountFailedException: Mounting failed

Error Code QPDR:EB5G:EB5G

org.cryptomator.integrations.mount.MountFailedException: Mount succeeded, but failed to determine mount point within dir: /run/user/104449/gvfs#

Error Code 6HCL:2GTN:8714

org.cryptomator.integrations.mount.MountFailedException: org.cryptomator.jfuse.api.FuseMountFailedException: fuse_mount failed

Possible solution: The fuse3 package is not installed on your Linux system. Install it later or ask your IT department.

Example for Ubuntu 20.04

sudo apt install fuse3

After that, go to the settings in Cryptomator (click the gear icon) and then to the "Virtual Drive" tab. There select drive type "FUSE".
Linux: Error message "The socket is not connected".
Symptoms:

The error message "The socket is not connected" appears when you try to access the unencrypted folder on the command line.

Cryptomator displays an error message on Linux that the folder set cannot be used for mounting.

Solutions:

Option 1: Restart the computer.

Option 2 (requires admin rights): Force the release of the corresponding folder with

sudo umount -f <the corresponding folder>
Linux: Already used folder cannot be used for mounting.

see Linux: Error message "The socket is not connected".
Synchronization conflict file with “.c9r SFConflict” appears in the name.
Example of a synchronization conflict when using Cryptomator.
These files appear when two people are working on a file at the same time. So that one person does not overwrite the data of the other person when saving the file, a separate copy is created for each person in such a case. For every file with this type of name, there is therefore always another file without a name beginning with the same name as the other.

To resolve such a so-called conflict, one of the persons needs to

Ensure that no other person is currently editing the file(s).

Open both files.

Merge the contents.

This can only be done manually using the clipboard. Unfortunately, there is no tool that could automate or support this.

Save the result in the file without the “c9r (SFConflict” suffix.

Delete the file named with “.c9r SFConflict”.

Ensure that the result is synchronized with the Seafile client.

Notify the other person that you can work with it again.