How to set up end-to-end-encryption with Cryptomator

On Tuesday, we interviewed Christian Schmickler – his software Crpytomator offers an easy and open source way for ownCloud users to end-to-end-encrypt their files client-side. We show how to set this up with your ownCloud sync client. Both cryptomator and our sync client are available for Windows, Mac OS X, Linux, Android and iOS, of course.

If you have questions, what end-to-end-encryption is, and why it’s so important: since Edward Snowden revealed the NSA mass surveillance of the whole internet (i.e. everything) in 2013, we all have to protect us against espionage. Other threats against the secrecy of your data are hackers and admins, which you maybe don’t want to trust with all of your data.

End-to-end encryption protects you against some of these threats; especially against admins. Your data is then stored encrypted in the ownCloud and gets only decrypted on your client devices, i.e. your phone or PC. This does not protect you, if someone hacks your client device – then they may be able to intercept your passphrase too. But it is already a big step towards protection of your data.

If you want more advice how to protect your privacy, let Snowden explain it himself. It is not rocket science!



Here is a short and easy to follow step-by-step guide to set up cryptomator:

  1. (If you have not done it yet) install and set up the ownCloud sync client.
    1. Choose a folder, which will contain your synced cloud data.
  2. Download Cryptomator.
  3. Create an encrypted vault:
    1. Click on the + to create a vault,
    2. Choose a location inside your sync folder to save it and
    3. Pick a nice passphrase.
  4. Unlock your encrypted vault:
    1. Enter your passphrase
    2. The vault is now mounted via webdav, you can access it in your file manager. All data you put in there is safe!

3 Responses to “How to set up end-to-end-encryption with Cryptomator”

  1. Antonio

    Ok, thanks!!

  2. Antonio

    Hi! I’ve just installed Cryptomator, and created a vault inside my owncloud folder. Once the vault is closed, I can see two files already encrypted (the ones I copied into the vault); also, there are two additional files, masterkey.cryptomator and masterkey.cryptomator.bkup.
    Inside those files, I can see the vales of parameters “primaryMasterKey” and “hmacMasterKey”.
    Sorry for my ignorance but… Could these two files be used to decrypt the vault files by anyone with access to the owncloud folder? Mainly, the owncloud admin…

    • Sipsap

      No, these files do contain file encryption keys but these are in turn encrypted using your passphrase.

Comments are closed.